dave2wave opened a new issue, #227: URL: https://github.com/apache/tooling-trusted-release/issues/227
The most reliable way to determine if a PMC is allowed by Security to build release artifacts in a build is by detecting that the project has added a project specific public GPG Key either to the KEYS file or into ATR. Infra issues the private and public PMC GPG Keys and installs the private key into a repository secret in GH. Instructions should be to use `https://release-test.apache.org/keys/upload` to upload and associate this public PMC Key to the correct committee. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
