Antoine Levy-Lambert wrote:
Hello Kev,
I do not know *all* the available options.

What I did is that I downloaded GnuPG (www.gnupg.org), installed it on my 
computer, generated myself a key. The public part of the key you have to add at 
the end of a file called KEYS which is in svn and lists the public keys of the 
ant committers.

How to publish your key to a key server I do not remember. I think I uploaded 
my public key to a key server, but do not remember offhand what it is called.

You can use GPG to sign the ant binaries and also to sign (or to encrypt) 
emails. In the release procedure, there are some emails which have to be signed 
too. Thunderbird has a plugin (Enigmail) which can work with GPG.


We can't sign the binaries themselves, as Java suddenly changes into secure mode when that happens, but we can publish signatures of the checksums, and by signing the email announcement you can provide an authentication trail to the mirrors.

We also need to look at the release docs to see if they cover distribution to the maven repository.

-steve
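
The approach from the reply above (leave the binaries untouched, sign the checksums), as an added example that is not part of the original thread or of Ant's release procedure. It assumes GnuPG 2.1 or later and `sha512sum`; the archive name, the `SHA512SUMS` file name and the key identity are constructed for the demo.

```shell
#!/bin/sh
# Added example. Archive name and key identity are constructed for the demo.

# Write SHA-512 digests of the archives in DIR to DIR/SHA512SUMS.
make_checksums() {   # DIR
    ( cd "$1" && sha512sum ./*.zip > SHA512SUMS )
}

# Detached, ASCII-armoured signature over the checksum file only;
# the archives themselves are never modified.
sign_checksums() {   # DIR KEYID
    gpg --batch --yes --quiet --local-user "$2" --armor \
        --output "$1/SHA512SUMS.asc" --detach-sign "$1/SHA512SUMS"
}

# What a downloader runs: 0 = good, 1 = bad signature, 2 = digest mismatch.
# The signature is checked first; digests from an unsigned list prove nothing.
verify_release() {   # DIR
    gpg --batch --quiet --verify "$1/SHA512SUMS.asc" "$1/SHA512SUMS" \
        >/dev/null 2>&1 || return 1
    ( cd "$1" && sha512sum -c SHA512SUMS >/dev/null 2>&1 ) || return 2
}

# End-to-end run in a throwaway keyring; prints the three verification results.
demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" "$work/dist"
    id='release-demo@example.org'                # constructed identity
    gpg --batch --quiet --passphrase '' \
        --quick-generate-key "$id" default default never >/dev/null 2>&1 || return 1
    printf 'constructed stand-in for a release archive\n' > "$work/dist/demo-bin.zip"
    make_checksums "$work/dist" && sign_checksums "$work/dist" "$id" || return 1

    ok=0; verify_release "$work/dist" || ok=$?
    printf 'x' >> "$work/dist/demo-bin.zip"      # archive altered on a mirror
    zip=0; verify_release "$work/dist" || zip=$?
    printf '#\n' >> "$work/dist/SHA512SUMS"      # checksum list altered
    sums=0; verify_release "$work/dist" || sums=$?

    gpgconf --kill gpg-agent >/dev/null 2>&1 || true
    rm -rf "$work"
    echo "clean=$ok archive_tampered=$zip sums_tampered=$sums"
}
```

Source the file and call `demo` to run it. A downloader needs the signer's public key from a trusted place, which is the role the KEYS file plays in the thread.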
