Hi folks,

a quick follow-up on this, as we were discussing the presence of this committer's keys file [1]. It seems this is autogenerated by Apache [2] and automatically syncs if you upload your GPG key to a server (as documented in the Camel release procedure). In any case, according to our verification procedure, we don't use it, but instead we use the KEYS in [3].

Regards,
Pasquale.

[1] https://people.apache.org/keys/committer/
[2] https://people.apache.org/keys/
[3] https://downloads.apache.org/camel/KEYS

On Tue, Jan 13, 2026 at 1:02 PM Pasquale Congiusti <[email protected]> wrote:

> Yes. Once they are merged, we should sync the new KEYS from the repo into
> the SVN dist as provided in the documentation recently merged:
>
> svn checkout https://dist.apache.org/repos/dist/release/camel camel-dist
> cd camel-dist
> cp /path/to/repo/camel/KEYS . # replace the path with your main project repository
> svn commit -m "Add GPG key for Your Name"
>
> That's the procedure. Just change the values with the local ones.
>
> Pasquale.
>
> On Tue, Jan 13, 2026 at 11:49 AM Federico Mariani <[email protected]> wrote:
>
>> Hi Pasquale,
>>
>> Thanks a lot for it. I was wondering if we should commit the PGP Public Key
>> in Apache Camel KEYS file as well like this
>> https://github.com/apache/camel/pull/20797.
>>
>> On Tue, Jan 13, 2026 at 10:17 AM Pasquale Congiusti <[email protected]> wrote:
>>
>> > Hi team,
>> > I've worked on this issue [1] as we were missing the expected KEYS gpg
>> > file [3] required for release verification. I took the opportunity to sync
>> > with the last source in the code and to provide a documentation note [2] to
>> > explain how every committer involved in a release process should update and
>> > sync his own GPG key accordingly. It is very important that this step is
>> > followed not only by those people involved in the main project release, but
>> > also by all the ones involved in each subproject release as the KEYS file
>> > used to do the verification is the same (the one on main) regardless of the
>> > subproject release.
>> >
>> > If you're a committer involved in a release, please verify that your gpg
>> > key is already in [3] and, if not, follow the instructions provided in the
>> > PR [2] (to be promoted in the official documentation on PR merge).
>> >
>> > Thanks for your attention.
>> >
>> > Pasquale.
>> >
>> > [1] https://issues.apache.org/jira/browse/CAMEL-20282
>> > [2] https://github.com/apache/camel/pull/20794
>> > [3] https://downloads.apache.org/camel/KEYS
