assignUser commented on PR #40956: URL: https://github.com/apache/arrow/pull/40956#issuecomment-2035703826
> We can't sign by GitHub Actions Not yet but the option exists! We can sign via gha workflow (in apache/arrow), INFRA has to review and approve the workflow doing the signing and will add the key to be used as a repo secret. See https://www.apache.org/legal/release-policy.html#release-signing This change was added sometime last year but I never had the time to follow up but with the current discussions about making releases easier and this new addition it might be the right time to tackle it! (for both the monorepo and subprojects) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
