incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <>
Subject RE: [CANCEL] [VOTE] Release Apache Curator 2.0.0-incubating (updated)
Date Thu, 02 May 2013 06:28:41 GMT
Regarding (4),

Once you've created the signature file, simply prepend text to it in front of the 


line.  You can have something like

    Signature by Release Manager Jordan Zimmerman
    Public Key Certificate: 
    [ ... ]

I suppose it would be useful to also link to a page on how to check the signature.

It seems strange to have that in the clear, but it is harmless.

I just confirmed that text in front of the initial ASCII armor line is simply ignored by GnuPG
and I suspect all other PGP signature verification implementations.

 - Dennis

PS: Here's a page that describes how to check, although a group of keys is recommended in
that case:

-----Original Message-----
From: Jordan Zimmerman [] 
Sent: Wednesday, May 01, 2013 15:54
Subject: Re: [CANCEL] [VOTE] Release Apache Curator 2.0.0-incubating (updated)

> 1. Add a UID having your Apache ID, randgalt@, in that PGP public-key certificate.
 You can indicate that it is your preference for code signing, if you desire.
That UID is there already. Can you explain what's missing?

> 2. Log into your randgalt@ a.o profile at <> and provide
the fingerprint of your key as part of your profile.

> 3. BONUS RECOMMENDATION.  Do not put a copy of the public key in the repository.
Already removed. My .asc file should show up in /keys/committer/ soon.

> 4. GRAND PRIZE RECOMMENDATION.  For all external signatures that you create, add to the
ascii-armored signature text (outside of the armor) a link to <>.
No comprende. I'll research how to do this.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message