Hi Suresh,
On Fri, Sep 13, 2013 at 4:26 AM, Suresh Marru <[email protected]> wrote: > On Sep 12, 2013, at 9:22 AM, Chip Childers <[email protected]> > wrote: > > > On Thu, Sep 12, 2013 at 06:19:42PM +0530, Lahiru Sandaruwan wrote: > >> Hi all, > >> > >> We have been following some release guides for release management([1], > >> [2]). They state that we have to generate GPG keys for signing. > >> My question is that, is it better to get the packs signed by a mentor > for > >> incubating release? > >> > >> Thanks. > >> > >> [1] http://airavata.apache.org/development/release-management.html > >> [2] http://airavata.apache.org/development/release-management.html > > > > IMO, whomever wants to be the release manager for your first release > > should be the one to sign the artifact. Now, if you are creating a new > > key for it, and aren't connected to the larger ASF web or trust, that > > can be seen as a weakness. > > > > We can solve that though! As part of voting (if someone votes +1), they > > have the option of providing a signature that can be added to the > > detached signature file for the release before it's committed to the > > release dir in svn. > > > > So... That's where mentors can help. When I vote, if it's a +1, I'll > > add my signature. Others should consider doing the same. > > + 1 for this approach though. > > Although I assume with good number of apache committers in Srilanka, the > release manager (assuming will be from one of the currently active Stratos > PPMC members in SL), should be able to meet fellow committers in person and > get their key signed. > Yes, This is possible. Thanks. > > Suresh > > > > > -chip > > -- -- Lahiru Sandaruwan Software Engineer, Platform Technologies, WSO2 Inc., http://wso2.com lean.enterprise.middleware email: [email protected] cell: (+94) 773 325 954 blog: http://lahiruwrites.blogspot.com/ twitter: http://twitter.com/lahirus linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
