JinwooHwang-SAS opened a new pull request, #7919:
URL: https://github.com/apache/geode/pull/7919

   ### Summary
   - This PR appends the Release Manager’s PGP public key to the KEYS file so 
that upcoming source release artifacts can be verified by end users and 
downstream packagers.
   
   ### Added Key
   - uid: Jinwoo Hwang <[email protected]>
   - Fingerprint: 5C3D A8FB B105 2F4D F1DE B1EF 62F7 DA41 B7D8 F26C
   - Created: 2025-08-28
   - Expires: 2029-08-28
   
   ### Rationale
   - Enables signature verification (.asc) for the next release cycle.
   - Keeps the project compliant with ASF release policy (all signing keys must 
be published in KEYS).
   - Ensures build consumers can establish a trust path before validating 
release artifacts.
   
   ### Verification Steps (Reviewer)
   1. Pull branch and inspect only appended block at end of KEYS.
   2. Confirm no prior key material modified (e.g. `git diff -w KEYS`).
   3. Extract and verify fingerprint locally:
      ```
      gpg --import KEYS
      gpg --fingerprint 5C3DA8FBB1052F4DF1DEB1EF62F7DA41B7D8F26C
      ```
   4. (Optional) Check key on public keyservers / WKD if published:
      ```
      gpg --keyserver keys.openpgp.org --recv-keys 62F7DA41B7D8F26C
      ```
   5. Dry‑run tag verification example (after a release tag exists):
      ```
      gpg --verify apache-<project>-<version>-src.tar.gz.asc
      ```
   
   ### Release Manager Action After Merge
   - Ensure the key is also uploaded to at least one public keyserver (if not 
already).
   - Use this key exclusively (or document any key rotation) for signing the 
release artifacts and staged Maven artifacts (if applicable).
   - Announce fingerprint in the VOTE and RESULT e‑mails.
   
   ### Integrity Considerations
   - No removal or alteration of existing keys.
   - Single, properly delimited ASCII armored block (`-----BEGIN PGP PUBLIC KEY BLOCK-----` … `-----END PGP PUBLIC KEY BLOCK-----`).
   - Fingerprint line in summary matches gpg output.
   
   ### Request
   - Approve & merge before starting the release vote so voters can pre‑import 
the key.
   
   ### For all changes:
   - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in 
the commit message?
   
   - [x] Has your PR been rebased against the latest commit within the target 
branch (typically `develop`)?
   
   - [ ] Is your initial contribution a single, squashed commit?
   
   - [ ] Does `gradlew build` run cleanly?
   
   - [ ] Have you written or updated unit tests to verify your changes?
   
   - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
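
The reviewer checks in steps 1 and 2 and under "Integrity Considerations", written out as an added example that is not part of the pull request or of Apache Geode's tooling. The function names and the sample KEYS text are constructed for illustration; the script checks only the shape of the change, and `gpg` still has to import the key and confirm the fingerprint.

```python
import re

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"
B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
CRC_LINE = re.compile(r"=[A-Za-z0-9+/]{4}")  # optional armor checksum line


def normalize_fingerprint(text):
    """Drop spaces/colons from a printed v4 fingerprint; require 40 hex digits."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit fingerprint")
    return fpr


def long_key_id(fingerprint):
    """A v4 long key ID is the last 16 hex digits of the fingerprint."""
    return normalize_fingerprint(fingerprint)[-16:]


def review_keys_change(old_text, new_text):
    """Return problems found in a KEYS update; an empty list means it passes."""
    # Stricter than `git diff -w`: the old file must be an exact prefix.
    if not new_text.startswith(old_text):
        return ["existing key material was modified or removed"]
    lines = [ln.strip() for ln in new_text[len(old_text):].splitlines()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        return ["appended text must contain exactly one armored block"]
    start, stop = lines.index(BEGIN), lines.index(END)
    if start > stop:
        return ["END delimiter appears before BEGIN"]
    body = lines[start + 1:stop]
    if "" not in body:
        return ["no blank line between armor headers and key data"]
    data = body[body.index("") + 1:]  # skip armor headers such as "Comment:"
    if data and CRC_LINE.fullmatch(data[-1]):
        data = data[:-1]
    problems = ["non-base64 line inside armor: %r" % ln
                for ln in data if not B64_LINE.fullmatch(ln)]
    if not data:
        problems.append("armored block carries no key data")
    return problems

# Constructed sample input (not real key material).
SAMPLE_BLOCK = BEGIN + "\n\nmQINBGconstructedAAAA\nc2FtcGxlIG9ubHk=\n=AbCd\n" + END + "\n"
OLD_KEYS = "pub   existing committer (constructed)\n" + SAMPLE_BLOCK
NEW_KEYS = OLD_KEYS + "pub   new release manager (constructed)\n" + SAMPLE_BLOCK
if __name__ == "__main__":
    print(review_keys_change(OLD_KEYS, NEW_KEYS) or "KEYS change passes")
```

Feed it the KEYS file from the target branch and from the PR branch; `long_key_id` ties the short form used with `--recv-keys` back to the full fingerprint in the summary.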
   
   

