dave2wave commented on issue #389: URL: https://github.com/apache/tooling-trusted-releases/issues/389#issuecomment-3751819614
> We're also thinking about improved OS signing, e.g. handled in ATR. No concern. Policy is sent about this. > From https://github.com/apache/tooling-trusted-releases/issues/431, we want to allow checksums from signatures. (Potentially covered by the existing policy; I think so.) Detached signatures are required from the RM, but nothing is written about who generates the checksum which must be verified during the Vote. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
