incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Releases Require KEYS Files
Date Fri, 15 Mar 2019 01:38:59 GMT
On Fri, 15 Mar 2019 at 00:09, Nick Kew <niq@apache.org> wrote:
>
>
>
> > On 14 Mar 2019, at 17:49, Dave Fisher <wave@apache.org> wrote:
> >
> > Hi -
> >
> > I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
<https://dist.apache.org/repos/dist/release/incubator/myriad/>
> >
> > Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS
<https://www.apache.org/dist/incubator/myriad/KEYS>
>
> ASF maintains foundation-wide keys at  https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

The KEYS file only needs to contain keys for people who sign releases.

Also it needs to be stored on the archive server so people can
validate historic releases.
For this reason, keys should not be removed from the file.

The key files at people.apache.org are not really suitable for
download validation.

> --
> Nick Kew
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message