[
https://issues.apache.org/jira/browse/RANGER-750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15482449#comment-15482449
]
Selvamohan Neethiraj commented on RANGER-750:
---------------------------------------------
[[email protected]] - I have updated the cwiki for the release instruction
[https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65867946] as
following:
{code}
If the signer's key is not in KEYS file in
https://dist.apache.org/repos/dist/release/incubator/ranger/KEYS, Update the
KEYS file to add that the signer key using SVN.
{code}
please let me know if this instruction needs any change.
> Spurious file in https://dist.apache.org/repos/dist/release/incubator/ranger/
> -----------------------------------------------------------------------------
>
> Key: RANGER-750
> URL: https://issues.apache.org/jira/browse/RANGER-750
> Project: Ranger
> Issue Type: Bug
> Environment:
> https://dist.apache.org/repos/dist/release/incubator/ranger/
> Reporter: Sebb
> Assignee: Selvamohan Neethiraj
>
> he directory https://dist.apache.org/repos/dist/release/incubator/ranger/
> contains the file:
> download-keys.sh
> This does not belong on the ASF mirror system.
> Also the script is not suitable for downloading KEYS.
> The file https://people.apache.org/keys/group/ranger.asc is not guaranteed to
> contain all the keys needed to validate a signature, because the file only
> contains the current keys for the current members of the PPMC. However the
> KEYS file is also used for checking archived releases so must contain all
> keys that have ever been used to sign a release.
> Please remove the script file, and ensure that the KEYS file contains all the
> keys for every ASF release that has been made. Entries should never be
> dropped from KEYS files if they have been used to sign a release.
> Thanks
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
