[
https://issues.apache.org/jira/browse/OODT-801?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb reopened OODT-801:
-----------------------
Sorry, but the KEYS file must be available from the standard ASF distribution
location. Also the KEYS file must be avaiable for validating archives.
The file https://people.apache.org/keys/group/oodt.asc is not suitable.
It only contains the current keys for the current PMC members. So won't contain
the key of an RM who is not on the PMC, and if an RM leaves the PMC the key
will disappear. This can potentially occur whilst a release is still current.
The standard place for the KEYS file is at
[1] https://dist.apache.org/repos/dist/release/oodt/KEYS
If you have a look at almost every other project you will see such a file.
And because dist is automatically archived it will appear at
http://archive.apache.org/dist/oodt/KEYS
In fact there already is one there, so the fix is to copy it back to [1] and
then add any required new keys.
> There should be a single KEYS file
> ----------------------------------
>
> Key: OODT-801
> URL: https://issues.apache.org/jira/browse/OODT-801
> Project: OODT
> Issue Type: Bug
> Components: build proces
> Reporter: Sebb
> Fix For: 0.11
>
>
> There should be a single KEYS file [1] that contains all the keys which have
> ever been used to sign a release.
> The existing KEYS files should be merged to form a single KEYS file that
> includes as a minimum all keys that have been used to sign a release.
> [1] http://www.apache.org/dev/release-signing.html#keys-policy
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
