Thanks for the prompt reply Chip...
On Thu, Sep 12, 2013 at 6:52 PM, Chip Childers <[email protected]>wrote: > On Thu, Sep 12, 2013 at 06:19:42PM +0530, Lahiru Sandaruwan wrote: > > Hi all, > > > > We have been following some release guides for release management([1], > > [2]). They state that we have to generate GPG keys for signing. > > My question is that, is it better to get the packs signed by a mentor for > > incubating release? > > > > Thanks. > > > > [1] http://airavata.apache.org/development/release-management.html > > [2] http://airavata.apache.org/development/release-management.html > > IMO, whomever wants to be the release manager for your first release > should be the one to sign the artifact. Now, if you are creating a new > key for it, and aren't connected to the larger ASF web or trust, that > can be seen as a weakness. > > We can solve that though! As part of voting (if someone votes +1), they > have the option of providing a signature that can be added to the > detached signature file for the release before it's committed to the > release dir in svn. > +1, So I will sign using my key and then get the help of mentors at voting. Thanks. > > So... That's where mentors can help. When I vote, if it's a +1, I'll > add my signature. Others should consider doing the same. > > -chip > -- -- Lahiru Sandaruwan Software Engineer, Platform Technologies, WSO2 Inc., http://wso2.com lean.enterprise.middleware email: [email protected] cell: (+94) 773 325 954 blog: http://lahiruwrites.blogspot.com/ twitter: http://twitter.com/lahirus linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
