sbp commented on issue #227: URL: https://github.com/apache/tooling-trusted-release/issues/227#issuecomment-3286691952
This was discussed in #217, and as a result I opened an Infra ticket: https://issues.apache.org/jira/browse/INFRA-27164 What I didn't document there are the techniques that I used to compile my list, which included what is suggested here: detecting the GPG keys in the KEYS file. I found that to be the most reliable of the three techniques that I used, but it was suggested that Infra have access to secrets, which would be an even more definitive list. The Infra ticket is still open, but a reply on the thread indicates that the secrets contain two committees which I missed through KEYS scanning. Therefore secret scanning is likely to be more reliable, but we need to wait on the outcome of the Infra ticket to figure out how to access them. Perhaps the catalogue server would be the eventual source of truth for this.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
