[
https://issues.apache.org/jira/browse/OODT-801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14721581#comment-14721581
]
Chris A. Mattmann commented on OODT-801:
----------------------------------------
bq. Yes, there is. All source releases must be published [1] via the ASF
distribution directory and thereby its mirrors. Other publication locations are
allowed, but the ASF dist area is not optional.
"Duh". I know this. Give me a break. However, my point being is that no where
is there guidance about a "standard" location for KEYS to verify the release.
It's simply not there. I don't have to address the issue of the .asc file being
stable as a KEYS file. *You* are the one raising the issue. Do the homework
yourself. It's not our job to do the homework on that. I will state that
oodt.asc contains all the PMC members who have ever released OODT. You are
raising a hypothetical issue that doesn't exist yet. Therefore, it's not a
problem. Should it be a problem and should you have a specific case in which an
OODT release is done by someone who is NOT in the oodt.asc file you can raise
an issue at that time.
> There should be a single KEYS file
> ----------------------------------
>
> Key: OODT-801
> URL: https://issues.apache.org/jira/browse/OODT-801
> Project: OODT
> Issue Type: Bug
> Components: build proces
> Reporter: Sebb
> Fix For: 0.11
>
>
> There should be a single KEYS file [1] that contains all the keys which have
> ever been used to sign a release.
> The existing KEYS files should be merged to form a single KEYS file that
> includes as a minimum all keys that have been used to sign a release.
> [1] http://www.apache.org/dev/release-signing.html#keys-policy
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
