dave2wave commented on issue #242: URL: https://github.com/apache/tooling-trusted-releases/issues/242#issuecomment-3598609352
> From https://github.com/apache/tooling-trusted-releases/issues/322#issuecomment-3563555381: > > > it's ok for the committer to be a RM (happened last time in Airflow for Airflow-CTL) - as long as PMC member signs and publishes the artifacts This comment differs from how the permissions and practice works currently on the PMC's directory in`svn dist/release`. In this case it is a blanket all committers can be RMs. The person who performs the build and assembles the soredurce package is the one who signs. For ATR we are discussing how the role of RM is assigned and where I am on the policy differs from @sbp . 1. If there is an unexpired GPG public key associated with the committee owned by the committer then they have the role. 2. Iif there is a GPG public key associated with the committee with the committer updated by any PMC member they have the role. _preferably_ means that PMC members are committers and the policy prefers signatures from PMC members. I think that we need to discuss permissions on uploads. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
