Hi, Ah, you're right. I forgot it. Committers can add their PGP key to https://dist.apache.org/repos/dist/dev/arrow/KEYS (not release) but can't add their PGP key to https://dist.apache.org/repos/dist/release/arrow/KEYS . Only PMC members can add their PGP key to https://dist.apache.org/repos/dist/release/arrow/KEYS .
A committer can be a release manager (like Raúl for Apache Arrow 11.0.0 release) but a PMC member (like me for Apache Arrow 11.0.0 release) needs to sign artifacts. Ben, sorry. You can't release the Julia implementation for now because https://github.com/apache/arrow-julia/blob/main/dev/release/release_rc.sh requires signing and it's the main task for the Julia implementation release. We'll be able to invite you to PMC in near future if you continue to contribute the Julia implementation. But we can proceed The Web of Trust process now in case Ben becomes a PMC member. Could any PMC member help this? Thanks, -- kou In <[email protected]> "Re: Apache Arrow PGP Key" on Mon, 20 Mar 2023 09:05:04 +0000, Raphael Taylor-Davies <[email protected]> wrote: > Hi, > > I could be mistaken, but I was under the impression the KEYS file only > contained GPG keys of PMC members > > Kind Regards, > > Raphael > > On 20 March 2023 02:21:02 GMT, Sutou Kouhei <[email protected]> wrote: >>Hi, >> >>Could any PMC member help this? >> >>Thanks, >>-- >>kou >> >>In <calm9rpty850sn8k79y7bbjcsk-ugchnageqfk0nmk2metl8...@mail.gmail.com> >> "Apache Arrow PGP Key" on Tue, 14 Mar 2023 21:56:44 -0400, >> Ben Baumgold <[email protected]> wrote: >> >>> Hi, >>> >>> I recently became an Apache Arrow Committer. As part of this, I would like >>> to add my PGP key to the Apache Arrow release KEYS file >>> <https://dist.apache.org/repos/dist/release/arrow/KEYS>. My understanding >>> is that I need someone to add me to The Web of Trust (link >>> <https://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html>). >>> Are you able to help me with this? >>> >>> Thanks, >>> Ben Baumgold
