On 30/01/2011 21:41, Siegfried Goeschl wrote:
a few bits and pieces from my memory
+) see http://www.apache.org/dev/release-signing.html
+) upload your key to the key server
Thanks for this.
For benefit of others in Isis, I've updated our wiki with all the steps
I've followed to create my public key [1]
+) join a key-signing party
+) at Apache Commons I did my first release before joining a key
signing party - that is possible but not encouraged
When are key signing parties held? I'm guessing it would require a trip
over to ApacheCon, which (a) is a long time away and (b) I'm not sure
yet if I'll be going?
Is there anything that can be done in lieu of this? Or perhaps one of
the mentors whose key has been signed by others will need to push out
the release when we have it?
Cheers
Dan
[1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
Cheers,
Siegfried Goeschl
On 1/30/11 7:05 PM, Dan Haywood wrote:
As I now understand things, I don't need a key to publish a snapshot,
but I will need a key to do the first 0.1 release when we get to that
point.
In preparation for then, I've generated a public key and added to the
Isis Keys file, as per [1].
Do I also need to publish my key to the http://pgp.mit.edu key server? I
found some documentation [2] that suggests that it is necessary?
Thanks
Dan
[1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
[2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
penultimate paragraph near the end
