On Tue, Aug 16, 2011 at 5:31 PM, Sergiu Dumitriu <[email protected]> wrote:
> On 08/16/2011 10:21 AM, Fabio Mancinelli wrote:
>> Hi,
>>
>> +1 for every release manager to have his own key.
>> Though I think that there should be an "XWiki.org" key that is kept
>> only by one person and that is used to sign the release managers' keys.
>>
>> In this way artifacts will be marked as released by somebody that is
>> also trusted by XWiki.org.
>
> Yes, that's what I was thinking as well last night. And the XWiki.org
> master key should be signed by a trusted authority.

+1

Thanks,
Marius

>
>> -Fabio
>>
>> On Mon, Aug 15, 2011 at 6:04 PM, Caleb James DeLisle
>> <[email protected]> wrote:
>>>
>>>
>>> On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote:
>>>> On 08/15/2011 11:19 AM, Vincent Massol wrote:
>>>>> Hi,
>>>>>
>>>>> I think we should start signing our artifacts using PGP as explained here:
>>>>> https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven
>>>>>
>>>>> Here's my +1
>>>>
>>>> +1.
>>>>
>>>> Do we use only one key, installed on the release machine? It should be
>>>> protected by a strong passphrase.
>>>
>>> +1
>>> I really don't like the "one key on the release box" idea.
>>> IMO each release manager should sign with their key which ofc never leaves
>>> their own computer.
>>>
>>> Caleb
>>>
>>>>
>>>>>
>>>>> Thanks
>>>>> -Vincent
>>>>>
>>>>> PS: If we agree I can commit the changes required to our top level POM to
>>>>> implement this (I have them locally already)
>>>>
>>>> PS2: When's the release user ready on one of the new agents?
>>>>
>
>
> --
> Sergiu Dumitriu
> http://purl.org/net/sergiu/
> _______________________________________________
> devs mailing list
> [email protected]
> http://lists.xwiki.org/mailman/listinfo/devs

