Bay area. Who can I get to sign it? Can any other Apache committer (or PMC from other projects) do it?
-- Matteo Merli <matteo.me...@gmail.com> On Mon, Jul 24, 2017 at 12:27 PM, Dave Fisher <dave2w...@comcast.net> wrote: > > > On Jul 24, 2017, at 12:23 PM, Matteo Merli <mme...@apache.org> wrote: > > > > On Mon, Jul 24, 2017 at 11:39 AM, Dave Fisher <dave2w...@comcast.net> > wrote: > >> > >>> Does for podlings work in the same way as for TLPs? Should we design a > >>> release manager? > >> > >> Yes. I see you created a KEYS file. If someone else is Release Manager > >> then they can add their key as well. > >> > >> BTW - Is your Key Signed and in the Web of Trust? > >> > > > > Dave, I have created the key as per http://apache.org/dev/openpgp.html > > and I have summarized the steps into a wiki page at > > https://github.com/apache/incubator-pulsar/wiki/Create- > GPG-keys-to-sign-release-artifacts > > > > I didn't see how to sign the key itself and didn't get a chance to > exchange > > it. > > Someone else would need to sign your key after physically validating your > IDs. This is not an absolute requirement. Where in the world are you > located? > > Regards, > Dave >
