On Tue, Aug 16, 2011 at 16:31, Sergiu Dumitriu <[email protected]> wrote:
> On 08/16/2011 10:21 AM, Fabio Mancinelli wrote: > > Hi, > > > > +1 for every release manager to have his own key. > > Though I think that there should be an "XWiki.org" key that is kept > > only by one person and that is used to sign the release managers keys. > > > > In this way artifacts will be marked as released by somebody that is > > also trusted by XWiki.org. > > Yes, that's what I was thinking as well last night. And the XWiki.org > master key should be signed by a trusted authority. > +1 Denis > > > -Fabio > > > > On Mon, Aug 15, 2011 at 6:04 PM, Caleb James DeLisle > > <[email protected]> wrote: > >> > >> > >> On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote: > >>> On 08/15/2011 11:19 AM, Vincent Massol wrote: > >>>> Hi, > >>>> > >>>> I think we should start signing our artifacts using PGP as explained > here: > >>>> > https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures+With+Maven > >>>> > >>>> Here's my +1 > >>> > >>> +1. > >>> > >>> Do we use only one key, installed on the release machine? It should be > >>> protected by a strong passphrase. > >> > >> +1 > >> I really don't like the "one key on the release box" idea. > >> IMO each release manager should sign with their key which ofc never > leaves their own computer. > >> > >> Caleb > >> > >>> > >>>> > >>>> Thanks > >>>> -Vincent > >>>> > >>>> PS: I we agree I can commit the changes required to our top level POM > to implement this (I have them locally already) > >>> > >>> PS2: When's the release user ready on one of the new agents? > >>> > > > -- > Sergiu Dumitriu > http://purl.org/net/sergiu/ > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
