> I don't see any reason to have any keys in there, except from release 
> managers who are signing releases. 

Shouldn't any PMC (or committer) should be able to be a release manager? 

The release process should be reliable and reproducible enough to be safe for 
rotating release managers every release. I would have thought security concerns 
were better addressed by a more tested process? And AFAIK no other asf projects 
are as restrictive on who can be the release manager role (but i've only 
checked a few projects).


To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail: dev-h...@cassandra.apache.org

Reply via email to