incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Releases Require KEYS Files
Date Fri, 15 Mar 2019 00:17:36 GMT


> On Mar 14, 2019, at 5:11 PM, Nick Kew <niq@apache.org> wrote:
> 
> 
> 
>> On 14 Mar 2019, at 17:49, Dave Fisher <wave@apache.org> wrote:
>> 
>> Hi -
>> 
>> I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
<https://dist.apache.org/repos/dist/release/incubator/myriad/>
>> 
>> Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS
<https://www.apache.org/dist/incubator/myriad/KEYS>
> 
> ASF maintains foundation-wide keys at  https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

These are the KEYS for the release managers of the podling/project so that the users of the
download artifact can validate the signature.
We are following Release Distribution Policy. For fun you can take a look at checker.apache.org
<http://checker.apache.org/>.

Some people don’t sign releases with their personal key, but use a code signing key. Often
a podling RM is new to Apache … there is enough to teach.

Feel free to see about making the change, but this volunteer is not going to do a thing with
changing that. ;-) If the ASF wants to pay a large amount of $ then I’ll think about. ;-)

Regards,
Dave


> 
> -- 
> Nick Kew
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message