www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Apache Flex: Digitally Signing Air Applications
Date Wed, 18 Jul 2012 01:21:43 GMT
sebb wrote on Wed, Jul 18, 2012 at 02:00:05 +0100:
> On 18 July 2012 01:46, Om <bigosmallm@gmail.com> wrote:
> > On Tue, Jul 17, 2012 at 5:25 PM, Daniel Shahaf <d.s@daniel.shahaf.name>wrote:
> >
> >> PGP-sign it as well, then.  That's the standard way all artifacts are
> >> signed (and centrally verified).
> >>
> >>
> > To be clear, are you suggesting that I sign it twice, once using the AIR
> > signing process and then sign that artifact using the PGP-sign process?
> > Can you please point me to to some documentation for PGP-signing
> > artifacts?  Is this typically done by the Release Manager, or can any
> > committer do this for a release?
> >
> >
> >> For future reference infra-dev@ is a public list, why didn't you CC
> >> flex-dev@?
> >>
> >
> > Apologies for the confusion.  I was told by our PPMC mentor, Dave Fisher
> > (cc-ing him here) that infra-dev is a private list.
> 
> One way to check this in future is to look at the mailing lists available here:
> 
> http://mail-archives.apache.org/mod_mbox/
> 
> That URL is available to all so all the lists shown there are public.

And vice-versa, i.e., all public lists are on that page.  (provided they
have been posted to at least once)

Mime
View raw message