> Jody, what I mean was not how to create and use GPG keys, but how we manage > keys. For example, do we rely on a web of trust with each developer having > their own signing key or do we have an official GeoTools key, such as that > used by Linux distributions (Fedora ...)? I guess the individual > web-of-trust is the only practical solution for a decentralised community.
I think individual developers can sign up for their own key; we have something similar when announcing on freshmeat for example; or uploading to the osgeo server. > Also, should the scm entries point to the GeoTools poms used to build the > packages, or should they in the case of packaging third-party schemas point > to the originating third-party scm? I think the geotools location. For third party schemas (ie ogc) we are still publishing up our take on it (since we often make changes so that it validates). > Thirdly, if I am packaging third-party schemas, do you think it is > appropriate that I use the third-party groupId or org.geotools? If we are > going to maven central I want to very careful to get it just right. I am going to go with org.geotools (since we are the party publishing in this form, and sometimes we hack it up right?). What does it have now? > Kind regards, Thanks for the discussion, Jody ------------------------------------------------------------------------------ The Palm PDK Hot Apps Program offers developers who use the Plug-In Development Kit to bring their C/C++ apps to Palm for a share of $1 Million in cash or HP Products. Visit us here for more details: http://p.sf.net/sfu/dev2dev-palm _______________________________________________ Geotools-devel mailing list Geotools-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geotools-devel
