Hi Bruce, On Mon, Apr 20, 2015 at 5:24 PM, Bruce Edge <[email protected]> wrote: > ...This is at a point now that it requires signoff from a PMC member as it > requires the sling signing keys....
Opinions might differ but I don't think the Sling PMC wants to sign binaries. As an Apache project we release source code only. Convenience binaries are ok but they do not need to be voted upon by the PMC in my opinion. IMO you can publish those artifacts to bintray and sign them yourself as long as you are clearly identified as their maintainer, and the Sling PMC is not involved. That's a good service to our users, that they will use if they agree to trust you about the contents of those binaries. -Bertrand
