+1
On Wed, Mar 5, 2014 at 10:47 PM, Carlos Santana <[email protected]>wrote: > Thanks I just saw your tweet > > > On Wed, Mar 5, 2014 at 10:42 PM, Andrew Grieve <[email protected]> > wrote: > > > Just moved SetUpGpg wiki into coho as well since that's very release > > process applicable. Problem is just that the github mirrors are not > > up-to-date yet. You can see all the docs via apache's gitweb: > > > > > > > https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md > > > > I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just > as > > good as a phone call? > > > > If someone figures out how to use gpg --edit-key to fix up this message, > > would be good to paste the commands into setting-up-gpg.md. > > > > > > > > On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <[email protected]> > > wrote: > > > > > I think I found the information here > > > https://www.apache.org/info/verification.html > > > > > > Based on this *"Some people are satisfied by reading the key signature > > over > > > a telephone (voice verification). "* > > > > > > Should I give you a call Andrew? :-p > > > > > > By they way shouldn't the "KEYS" file be located in the download > > directory > > > also? https://dist.apache.org/repos/dist/dev/cordova/iab/ > > > > > > > > > --Carlos > > > > > > > > > > > > On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <[email protected]> > > > wrote: > > > > > > > With the new process in place, where is documentation on how to > verify > > > the > > > > signing and key stuff > > > > > > > > Was not able to find in the repo: > > > > > > > > https://github.com/apache/cordova-coho/tree/master/docs > > > > > > > > > > > > > > > > > > > > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <[email protected] > > > >wrote: > > > > > > > >> I've seen that before -- it just means that you haven't declared, > > > >> explicitly or implicitly, that you trust that the signing key is > > really > > > >> Andrew's. > > > >> > > > >> The important line should be above that, and should say > > > >> > > > >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) < > > > >> [email protected]>" > > > >> > > > >> What you can do right now is run "gpg --fingerprint", and then have > > > Andrew > > > >> do that same, and verify that they match. Then you can safely ignore > > the > > > >> message :) > > > >> > > > >> The long term solution is to get Andrew's (and Steven's, and anyone > > > >> else's) > > > >> public key signed by some Apache folks. Apparently there's a key > > signing > > > >> party at every ApacheCon, so that'll be a good time to do it. > > > >> > > > >> > > > >> -------- > > > >> Instead of ignoring the message, you can also sign the key with your > > > own: > > > >> > > > >> $ gpg --edit-key [email protected] > > > >> > sign > > > >> > save > > > >> > > > >> > > > >> > > > >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <[email protected]> > > > wrote: > > > >> > > > >> > +1 > > > >> > > > > >> > However, gpg --verify gives me: > > > >> > > > > >> > gpg: WARNING: This key is not certified with a trusted signature! > > > >> > gpg: There is no indication that the signature belongs to > > the > > > >> > owner. > > > >> > > > > >> > I don't recall seeing this before. I had to add your new key to > > verify > > > >> this > > > >> > time. > > > >> > > > > >> > -Michal > > > >> > > > > >> > > > > >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve < > [email protected] > > > > > > >> > wrote: > > > >> > > > > >> > > Please review and vote on the release of this inappbrowser > > release. > > > >> > > > > > >> > > The plugin has been publish here: > > > >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/ > > > >> > > > > > >> > > It is the same as the recently published 0.3.2, except with: > > > >> > > * CB-6172 Fix broken install on case-sensitive file-systems > > > >> > > > > > >> > > The packages were published from their corresponding git tags: > > > >> > > cordova-plugin-inappbrowser: 0.3.3 (a5dedae631) > > > >> > > > > > >> > > Upon a successful vote I will upload the archives to dist/, > upload > > > >> them > > > >> > to > > > >> > > the Plugins Registry, and post the corresponding blog post. > > > >> > > > > > >> > > Voting will go on for a minimum of 20 hours. > > > >> > > > > > >> > > I vote +1. > > > >> > > > > > >> > > > > >> > > > > > > > > > > > > > > > > -- > > > > Carlos Santana > > > > <[email protected]> > > > > > > > > > > > > > > > > -- > > > Carlos Santana > > > <[email protected]> > > > > > > > > > -- > Carlos Santana > <[email protected]> >
