[ removing dev@svn, adding dev@whimsy — sorry if that's not the right list. ]
Sebb,
KEYS formats have multiple problems. They are a custom format that
needs to be updated by hand, and if someone is a committer on N projects
then he needs to do O(N) work to update their keys. That's a very poor design
from a human factors point of view.
p.a.o/keys/ was invented to solve these problems. If it has downsides,
fine, but don't throw the baby out with the bathwater.
It would be better to change the p.a.o/keys/ cron job (1) to work, not
off of LDAP but off of an append-only dataset mapping PMCs to committers
and committers to keys; and (2) instead of publishing the results on
minotaur, to auto-commit them to /repos/dist/$PMC/release/KEYS.
To be clear, what I mean is something along the lines of:
[[[
# runnable prototype
HEAD=`svn info --show-item=revision $URL/to/pmcs.txt`
{ svn cat $URL/to/pmcs.txt@${HEAD} && ldapsearch -xLLL -b
ou=pmc,ou=committees,ou=groups,dc=apache,dc=org cn | sed -ne 's/^cn: //p'; } |
sort | uniq | svnmucc -m "Automatically regenerated by $0" -r "${HEAD}" put
/dev/stdin $URL/to/pmcs.txt
]]]
Do that, do the same for the set of committers of each PMC, make the
site generation scripts use this as the input instead of LDAP, make them
commit /keys/group/foo.pmc to /dist/release/foo/KEYS, profit.
Daniel
P.S. The output of that ldapsearch is sorted by length first and
alphabetically second. Odd…
Julian Foad wrote on Tue, 12 Mar 2019 16:34 +00:00:
> Hello, devs. Apparently our handling of the KEYS file needs to change:
> see below.
>
> Is anybody willing to handle this?
>
> ----- Original message -----
> From: [email protected]
> Subject: Returned post for [email protected]
>
> Sorry, but the download page is missing a required link to the KEYS file.
> The URL must be of the form: https://www.apache.org/dist/<project>/KEYS
>
> Links to http://people.apache.org/ are not acceptable; see the note here:
> https://people.apache.org/keys/
>
> Please resubmit the announce email when this has been corrected.
> Thanks,
>
> Sebb
>
> Attachments:
> * Email.eml
