sebbASF commented on issue #132: URL: https://github.com/apache/tooling-trusted-release/issues/132#issuecomment-2954150139
However: 1. SVN dist is still here, and PMCs currently maintain KEYS there 2. Uploading KEYS from a file implies that the file has been created, probably using a text editor, so I'm not sure how it helps to insist that KEYS are uploaded again. 3. agreed, but in the meantime KEYS under downloads.a.o are a useful source. Note that the KEYS files under downloads.a.o are supposed to be cumulative, so any key that has ever been used to sign a release should be in the file. It's important to keep historic keys available, so archive sigs can be checked. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org For additional commands, e-mail: dev-h...@tooling.apache.org
