I don't know whether it's even possible for more than one person to sign the release.
The way to make the release more "trustworthy" is to strengthen the release manager's web of trust. Have a key signing party [1] and sign each other's keys. If the one person who signs the release is well established in the Apache web of trust then the release is clearly a genuine product of the Apache Software Foundation. Regarding the report. It's possible that you're now scheduled to report only once per quarter. Projects are only monthly when they start out. Julian [1] https://en.m.wikipedia.org/wiki/Key_signing_party Sent from my iPad > On Feb 11, 2017, at 2:04 PM, Jignesh Patel <jmp.quicks...@gmail.com> wrote: > > Hi folks: We are nearly ready to do a release. Anyone else wants to sign the > release along with me? > > > > Also, I haven’t seen an email about providing input for the usual Podling > report? Anyone else has seen this? I hope I haven’t missed it. > > > > Cheers, > > Jignesh >
