taverna-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stian Soiland-Reyes <st...@apache.org>
Subject Re: [DISCUSS] Release Apache Taverna Server 3.1.0-incubating RC2?
Date Tue, 09 Jan 2018 16:29:53 GMT

To verify the keys, see

> > Release candidates are signed with a GPG key available at:
> > https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS

aka which would equal (After 12 hours)
https://www.apache.org/dist/incubator/taverna/KEYS

aka
curl https://dist.apache.org/repos/dist/release/incubator/taverna/KEYS |
gpg --import -


see also https://www.apache.org/info/verification.html 


Note that this does not mean your PGP keychain trusts my public key,
just so it knows about it, hence you should still get a warning. 

BTW - PGP-way to trust it you would need to also have your own private
key, then do for instance:

  gpg --fingerprint A0FFD119

Meet me and compare fingerprint in person or trusted channel. 
(important - blind trust is pointless here :)


  gpg --sign-key A0FFD119
  gpg --keyserver pgpkeys.mit.edu --send-key A0FFD119

(Now you announce to the world this trust - and others can use it in a
chain of trust)


In ASF we kind of by-pass this by just downloading the KEYS file, which
in a way is just verifying that the person is someone (who knows the
password) to SVN write access to it (in incubator about 2678 ppl)


On Mon, 8 Jan 2018 17:33:15 +0000, Stian Soiland-Reyes <stain@apache.org> wrote:
> As RC1 broke without .git - here's RC2:
> https://lists.apache.org/thread.html/00b8faaa002b6708bdfd7846b16078be06ad781e49535bcc397b4758@%3Cdev.taverna.apache.org%3E
> 
> 
> On Mon, 8 Jan 2018 16:29:29 +0000, Stian Soiland-Reyes <stain@apache.org> wrote:
> > Reply to this thread for any questions/issues for the
> > Taverna Server 3.1.0 release candidate.
> > 
> > Reply to the separate [VOTE] thread with your formal vote:
> > https://lists.apache.org/thread.html/319eac1ea18f89d635d3c05bf1dc3f644c5f76f79673f7e0ac141194@%3Cdev.taverna.apache.org%3E
> > 
> > 
> > Anyone can participate in testing and voting, not just committers,
> > please feel free to try out the release candidate and provide your
> > votes!
> > 
> > How to review a release? https://s.apache.org/review-release
> > 
> > -- 
> > Stian Soiland-Reyes
> > http://orcid.org/0000-0001-9842-9718
> > 

Mime
View raw message