On 28 Aug 06, at 2:32 PM 28 Aug 06, Dennis Lundberg wrote:
Hi I've created a key by following the directions at: http://www.apache.org/dev/release-signing.html That document says to add my key to a KEYS file for the project: http://www.apache.org/dev/release-signing.html#keys-policy Where is that file for Maven? I've found these files: - http://www.apache.org/dist/maven/KEYS - http://svn.apache.org/viewvc/maven/maven-1/core/trunk/KEYS
Are those the same? It should be in SVN but not in the m1 repository anymore. We should probably move it to the top of the SVN where everyone has access.
The first one seems right for me. Do I just append my key to that file on people.a.o?
Let's keep in SVN and copy that version to dist/maven/KEYS
Is there anything else I need to do, like building a web-of-trust? That bit is somewhat vague to me.
You need to do that in person with people by exchanging ID and PGP fingerprints. Typically we have little key signing events at ApacheCon.
Also, is there a document similar to this but for Maven 2: http://maven.apache.org/maven-1.x/developers/making-releases.html
We could probably do with one and put it on the main site for developers.
-- Dennis Lundberg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Jason van Zyl [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
