Rob,
The META file is part of the chain of trust, starting with the Apache
root. The META file is delegated to the project chair so I need to add
you to that file and be the one to sign it.
What I don't know is whether the fact that, in the KEYS file, you have a short
fingerprint will make any difference, but if META is incomplete or wrong,
nothing breaks. At the moment, checker.ao is reporting the chain of
trust, not taking action on it.
The chair does updates to META without needing to couple it to the
release cycle.
Andy
https://checker.apache.org/t
On 25/06/18 14:14, Rob Vesse wrote:
Andy
The release process notes don’t have any detail on how to update the new META
file in the staging repo. The format looks fairly obvious but it isn’t clear
to me what command(s) are needed to get the key fingerprint that is embedded in
that file?
Also what do I need to do to sign the META file after I have appropriately
modified it?
Rob