I sent a Google Meet invite to you. On Sun, 20 Sep 2020 at 14:26, Davyd McColl <dav...@gmail.com> wrote: > > I'm happy to be available at 8am my side, if that works for everyone else. > It sounds like earlier would be better, but I'm doing the morning school > run from 7am and can't guarantee I'll be back significantly before 8am. > > How to do this? I have zoom and slack on my work machine, can install > Skype if that's more convenient, can do google meet, I assume, though > haven't ever tried, so may need a bit of a crash intro. > > If posting meeting details to the mailing list is not on, feel free to > email me directly (: > > -d > > > On September 20, 2020 20:58:29 Ralph Goers <ralph.go...@dslextreme.com> wrote: > > > 8am in Durban South Africa is 11pm the night before in Phoenix AZ. > > However, I frequently am up until midnight so that could work. 5-5:30 pm is > > 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday > > until 8 am but on occasion I can do earlier. > > > > Ralph > > > >> On Sep 20, 2020, at 9:46 AM, Davyd McColl <dav...@gmail.com> wrote: > >> > >> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my > >> son from school) > >> > >> -d > >> > >> > >> On September 20, 2020 18:44:19 Matt Sicker <boa...@gmail.com> wrote: > >> > >>> We’re not quite as strict as Debian for keys (though if you can find a > >>> Debian group locally, they’re great for key signing). The video call idea > >>> could work for exchanging keys. What times would you be available to do > >>> that? > >>> > >>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl <dav...@gmail.com> wrote: > >>> > >>>> Hi Ralph > >>>> > >>>> > >>>> > >>>> I think I miscommunicated: I'm not regenerating my signing key - just the > >>>> > >>>> nuget API key for package upload. This forces me to log in in nuget.org > >>>> > >>>> which has 2fa and then I only use that key on the cli for the immediate > >>>> upload. > >>>> > >>>> > >>>> > >>>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I > >>>> used > >>>> > >>>> last time. > >>>> > >>>> > >>>> > >>>> -d > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> On September 20, 2020 09:01:36 Ralph Goers <ralph.go...@dslextreme.com> > >>>> wrote: > >>>> > >>>> > >>>> > >>>> > In the long run you don’t want to be regenerating your signing key for > >>>> > >>>> > every release. The point is that you would upload the key to a central > >>>> > >>>> > keystore and other people would sign it there. At ApacheCon we would > >>>> have a > >>>> > >>>> > key signing “party” where we recorded each others keys and then would > >>>> take > >>>> > >>>> > our list and update the central keystore. When people verify the key > >>>> they > >>>> > >>>> > can look at the keystore and see that it is signed by a number of > >>>> people, > >>>> > >>>> > who then have their keys by a number of people and so on so you are > >>>> > >>>> > building a web of trust. Sooner or later there will be someone in that > >>>> web > >>>> > >>>> > that you personally know and trust. > >>>> > >>>> > > >>>> > >>>> > Ralph > >>>> > >>>> > > >>>> > >>>> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl <dav...@gmail.com> wrote: > >>>> > >>>> >> > >>>> > >>>> >> Thanks Matt, I've updated the artifacts on GitHub to have detached > >>>> > >>>> >> signatures. I had previously also uploaded my key to > >>>> >> sks-keyservers.net, > >>>> > >>>> > >>>> >> but I've also uploaded to MIT, though search there always times out. > >>>> > >>>> >> > >>>> > >>>> >> The document you've linked mentions face-to-face interactions to get > >>>> >> my > >>>> key > >>>> > >>>> >> into the official KEYS file. Not sure how many apache people are at my > >>>> end > >>>> > >>>> >> of the world (Durban, South Africa), but I can do an online meeting if > >>>> that > >>>> > >>>> >> helps. Last release, Ralph said I should sign, so I did. I'm new to > >>>> signing > >>>> > >>>> >> release artifacts - I've generally relied on authentication during > >>>> upload > >>>> > >>>> >> as verification of authenticity, with 2FA wherever possible (GitHub > >>>> >> and > >>>> > >>>> >> NPM; nuget survives with an apikey - but for the last 2 releases, I've > >>>> > >>>> >> regenerated the key on each use and only supplied it on the cli at > >>>> upload, > >>>> > >>>> >> so as not to store it locally) > >>>> > >>>> >> > >>>> > >>>> >> -d > >>>> > >>>> >> > >>>> > >>>> >> > >>>> > >>>> >> On September 19, 2020 22:23:41 Matt Sicker <boa...@gmail.com> wrote: > >>>> > >>>> >> > >>>> > >>>> >>> Oh and there's a bit of an issue with the signed files: it looks like > >>>> > >>>> >>> you included _signed files_ rather than detached signatures. Thus, > >>>> >>> the > >>>> > >>>> >>> .asc files are only verifying themselves rather than the accompanying > >>>> > >>>> >>> file. > >>>> > >>>> >>> > >>>> > >>>> >>> There's a --detached option in gpg for this (yeah, it's always had a > >>>> bad UI). > >>>> > >>>> >>> > >>>> > >>>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker <boa...@gmail.com> wrote: > >>>> > >>>> >>>> > >>>> > >>>> >>>> The KEYS file [1] that's linked on the download page does not have > >>>> > >>>> >>>> your key in it. Neither does other KEYS file [2]. Check out [3] for > >>>> > >>>> >>>> more info. > >>>> > >>>> >>>> > >>>> > >>>> >>>> [1]: https://downloads.apache.org/logging/log4net/KEYS > >>>> > >>>> >>>> [2]: https://downloads.apache.org/logging/KEYS > >>>> > >>>> >>>> [3]: https://infra.apache.org/release-signing.html#keys-policy > >>>> > >>>> >>>> > >>>> > >>>> >>>> > >>>> > >>>> >>>> > >>>> > >>>> >>>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl <dav...@gmail.com> wrote: > >>>> > >>>> >>>> > > >>>> > >>>> >>>> > Thanks Matt, I've done so. Hopefully that makes it easier to > >>>> >>>> > verify > >>>> > >>>> >>>> > artifacts that I have signed. > >>>> > >>>> >>>> > > >>>> > >>>> >>>> > -d > >>>> > >>>> >>>> > > >>>> > >>>> >>>> > > >>>> > >>>> >>>> > On September 18, 2020 23:11:48 Matt Sicker <boa...@gmail.com> > >>>> wrote: > >>>> > >>>> >>>> > > >>>> > >>>> >>>> > > If you upload your key to your GitHub profile, that also makes > >>>> >>>> > > it > >>>> > >>>> >>>> > > simple to find. For example, just add ".gpg" to your profile > >>>> >>>> > > URL: > >>>> > >>>> >>>> > > https://github.com/fluffynuts.gpg > >>>> > >>>> >>>> > > > >>>> > >>>> >>>> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma > >>>> >>>> > > <remko.po...@gmail.com> > >>>> wrote: > >>>> > >>>> >>>> > >> > >>>> > >>>> >>>> > >> +1 remko > >>>> > >>>> >>>> > >> > >>>> > >>>> >>>> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker <boa...@gmail.com> > >>>> wrote: > >>>> > >>>> >>>> > >> > >>>> > >>>> >>>> > >> > How about your gpg key? I don't think we've imported that to > >>>> the KEYS > >>>> > >>>> >>>> > >> > file as far as I can tell? > >>>> > >>>> >>>> > >> > > >>>> > >>>> >>>> > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker <boa...@gmail.com> > >>>> wrote: > >>>> > >>>> >>>> > >> > > > >>>> > >>>> >>>> > >> > > Oh sorry, I didn't notice that you uploaded them there > >>>> (wasn't even > >>>> > >>>> >>>> > >> > > aware that it was possible to be honest). > >>>> > >>>> >>>> > >> > > > >>>> > >>>> >>>> > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl > >>>> >>>> > >> > > <dav...@gmail.com> > >>>> wrote: > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > Hi Matt > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > Release artifacts are available on the GitHub release > >>>> >>>> > >> > > > page > >>>> > >>>> >>>> > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - > >>>> expand the > >>>> > >>>> >>>> > >> > assets > >>>> > >>>> >>>> > >> > > > list if it's collapsed. > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > I'll need someone to upload them to the downloads source > >>>> as I > >>>> > >>>> >>>> think I > >>>> > >>>> >>>> > >> > don't > >>>> > >>>> >>>> > >> > > > have access to do so (if I'm wrong, I'd love to be > >>>> corrected, > >>>> > >>>> >>>> because > >>>> > >>>> >>>> > >> > I'd > >>>> > >>>> >>>> > >> > > > be less of an annoyance then!). Ralph has stepped in to > >>>> help here in > >>>> > >>>> >>>> > >> > the past. > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > -d > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > On September 18, 2020 20:09:07 Matt Sicker < > >>>> boa...@gmail.com> wrote: > >>>> > >>>> >>>> > >> > > > > >>>> > >>>> >>>> > >> > > > > Do you have links to the release artifacts? The > >>>> >>>> > >> > > > > download > >>>> page > >>>> > >>>> >>>> links > >>>> > >>>> >>>> > >> > to > >>>> > >>>> >>>> > >> > > > > the live site which doesn't have the artifacts yet > >>>> >>>> > >> > > > > since > >>>> > >>>> >>>> they're not > >>>> > >>>> >>>> > >> > > > > released yet. :) > >>>> > >>>> >>>> > >> > > > > > >>>> > >>>> >>>> > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl > >>>> > >>>> >>>> <davyd.mcc...@codeo.co.za> > >>>> > >>>> >>>> > >> > wrote: > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> > >> > > > >> Hi all > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> > >> > > > >> I have another potential release available: 2.0.11, > >>>> tagged as > >>>> > >>>> >>>> > >> > rc/2.0.11 > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> > >> > > > >> Changes are really minor: > >>>> > >>>> >>>> > >> > > > >> - fixed assembly versioning (all assemblies should > >>>> report > >>>> > >>>> >>>> 2.0.11.0 > >>>> > >>>> >>>> > >> > as their > >>>> > >>>> >>>> > >> > > > >> version now) > >>>> > >>>> >>>> > >> > > > >> - properly dispose of StreamWriters within logging > >>>> appenders > >>>> > >>>> >>>> > >> > (thanks to > >>>> > >>>> >>>> > >> > > > >> @NicholasNoise) > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> > >> > > > >> Binaries are up at > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 > >>>> > >>>> >>>> > >> > and I've > >>>> > >>>> >>>> > >> > > > >> pushed to asf-staging for logging, now up at > >>>> > >>>> >>>> > >> > > > >> > >>>> https://logging.staged.apache.org/log4net/download_log4net.html > >>>> > >>>> >>>> > >> > > > >> > >>>> > >>>> >>>> > >> > > > >> Thanks > >>>> > >>>> >>>> > >> > > > >> -d > >>>> > >>>> >>>> > >> > > > > > >>>> > >>>> >>>> > >> > > > > > >>>> > >>>> >>>> > >> > > > > > >>>> > >>>> >>>> > >> > > > > -- > >>>> > >>>> >>>> > >> > > > > Matt Sicker <boa...@gmail.com> > >>>> > >>>> >>>> > >> > > > >>>> > >>>> >>>> > >> > > > >>>> > >>>> >>>> > >> > > > >>>> > >>>> >>>> > >> > > -- > >>>> > >>>> >>>> > >> > > Matt Sicker <boa...@gmail.com> > >>>> > >>>> >>>> > >> > > >>>> > >>>> >>>> > >> > > >>>> > >>>> >>>> > >> > > >>>> > >>>> >>>> > >> > -- > >>>> > >>>> >>>> > >> > Matt Sicker <boa...@gmail.com> > >>>> > >>>> >>>> > >> > > >>>> > >>>> >>>> > > > >>>> > >>>> >>>> > > > >>>> > >>>> >>>> > > > >>>> > >>>> >>>> > > -- > >>>> > >>>> >>>> > > Matt Sicker <boa...@gmail.com> > >>>> > >>>> >>>> > >>>> > >>>> >>>> > >>>> > >>>> >>>> > >>>> > >>>> >>>> -- > >>>> > >>>> >>>> Matt Sicker <boa...@gmail.com> > >>>> > >>>> >>> > >>>> > >>>> >>> > >>>> > >>>> >>> > >>>> > >>>> >>> -- > >>>> > >>>> >>> Matt Sicker <boa...@gmail.com> > >>>> > >>>> > > >>>> > >>>> > > >>>> > >>>> -- > >>> Matt Sicker <boa...@gmail.com> > > > >
-- Matt Sicker <boa...@gmail.com>
