[
https://issues.apache.org/jira/browse/OODT-801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14721579#comment-14721579
]
Sebb commented on OODT-801:
---------------------------
bq. There is no standard ASF distribution location.
Yes, there is. All source releases must be published [1] via the ASF
distribution directory and thereby its mirrors.
Other publication locations are allowed, but the ASF dist area is not optional.
You have not addressed the issue of the .asc file not being sufficiently stable
as a KEYS file.
It must be possible to verify the source release download without having to
unpack it and the KEYS file must be obtained from the ASF hardware [2]
[1] http://www.apache.org/dev/release-publishing.html#distribution
[2] http://www.apache.org/dev/release-publishing.html#distribution_dist
> There should be a single KEYS file
> ----------------------------------
>
> Key: OODT-801
> URL: https://issues.apache.org/jira/browse/OODT-801
> Project: OODT
> Issue Type: Bug
> Components: build proces
> Reporter: Sebb
> Fix For: 0.11
>
>
> There should be a single KEYS file [1] that contains all the keys which have
> ever been used to sign a release.
> The existing KEYS files should be merged to form a single KEYS file that
> includes as a minimum all keys that have been used to sign a release.
> [1] http://www.apache.org/dev/release-signing.html#keys-policy
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
