stevedlawrence commented on a change in pull request #345: Adds signing keys for release
URL: https://github.com/apache/incubator-daffodil/pull/345#discussion_r401791059

########## File path: KEYS ##########
@@ -146,3 +146,51 @@ qIpenMsTA9TFms/EVMkvvyqllMVjjbLRlg0UMhnf/DzgrErp646LkAU0m4jSzGVn QDM28gGyQYTRoMudTseM7Q2//F9LF9pz4tzK0g== =09Ch -----END PGP PUBLIC KEY BLOCK----- +pub rsa3072 2020-04-01 [SC] [expires: 2022-04-01]

Review comment:
Does that 3072 mean this is an RSA key with 3072 bit length? Apache recommends using 4096: https://www.apache.org/dev/openpgp.html#generate-key

You might want to check https://www.apache.org/dev/openpgp.html#sha-defaults so that a slightly stronger key is created.

Also, note that it looks like your key expires in a couple of years. I don't think Apache requires that keys expire, but make things a little easier so you don't have to update the key in a couple years.
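
Review bot: The `[expires: 2022-04-01]` on the added `pub rsa3072 2020-04-01 [SC] [expires: 2022-04-01]` line means this KEYS entry goes stale on that date unless the key's expiry is extended and the updated public key is exported into KEYS again. If the expiry is kept, record in the release notes or release procedure who does that refresh and when. The key size is also best settled before anything is signed with this key, because a regenerated key will not verify signatures made with this one and both entries would then have to stay in KEYS.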
