subject:"Re\: Releases Require KEYS Files"

Re: Releases Require KEYS Files

2019-03-14 Thread sebb

On Fri, 15 Mar 2019 at 00:09, Nick Kew  wrote:
>
>
>
> > On 14 Mar 2019, at 17:49, Dave Fisher  wrote:
> >
> > Hi -
> >
> > I’ve been reviewing releases and you are missing your KEYS file from 
> > https://dist.apache.org/repos/dist/release/incubator/myriad/ 
> > 
> >
> > Your site should refer users to the KEYS file at 
> > https://www.apache.org/dist/incubator/myriad/KEYS 
> > 
>
> ASF maintains foundation-wide keys at  
> https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to 
> replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

The KEYS file only needs to contain keys for people who sign releases.

Also it needs to be stored on the archive server so people can
validate historic releases.
For this reason, keys should not be removed from the file.

The key files at people.apache.org are not really suitable for
download validation.

> --
> Nick Kew
>
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

2019-03-14 Thread Dave Fisher

> On Mar 14, 2019, at 5:11 PM, Nick Kew  wrote:
> 
> 
> 
>> On 14 Mar 2019, at 17:49, Dave Fisher  wrote:
>> 
>> Hi -
>> 
>> I’ve been reviewing releases and you are missing your KEYS file from 
>> https://dist.apache.org/repos/dist/release/incubator/myriad/ 
>> 
>> 
>> Your site should refer users to the KEYS file at 
>> https://www.apache.org/dist/incubator/myriad/KEYS 
>> 
> 
> ASF maintains foundation-wide keys at  
> https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to 
> replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

These are the KEYS for the release managers of the podling/project so that the 
users of the download artifact can validate the signature.
We are following Release Distribution Policy. For fun you can take a look at 
checker.apache.org .

Some people don’t sign releases with their personal key, but use a code signing 
key. Often a podling RM is new to Apache … there is enough to teach.

Feel free to see about making the change, but this volunteer is not going to do 
a thing with changing that. ;-) If the ASF wants to pay a large amount of $ 
then I’ll think about. ;-)

Regards,
Dave

> 
> -- 
> Nick Kew
> 
> 
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>

Re: Releases Require KEYS Files

2019-03-14 Thread Nick Kew

> On 14 Mar 2019, at 17:49, Dave Fisher  wrote:
> 
> Hi -
> 
> I’ve been reviewing releases and you are missing your KEYS file from 
> https://dist.apache.org/repos/dist/release/incubator/myriad/ 
> 
> 
> Your site should refer users to the KEYS file at 
> https://www.apache.org/dist/incubator/myriad/KEYS 
> 

ASF maintains foundation-wide keys at  
https://people.apache.org/keys/committer/ .
Isn't that a better resource to reference than for individual projects to 
replicate KEYS?
Especially for the many folks who are involved with multiple projects!

-- 
Nick Kew

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

2019-03-14 Thread Dave Fisher

Hi -

> On Mar 14, 2019, at 3:42 PM, Justin Mclean  wrote:
> 
> Hi,
> 
> But this was there right? [1]

No.

$ svn log https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS

r32935 | javiroman | 2019-03-14 12:10:14 -0700 (Thu, 14 Mar 2019) | 1 line

Apache Myriad KEYS file in releases folder


You must have seen it in the dev location:

$ svn log https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS

r32640 | javiroman | 2019-02-25 23:02:25 -0800 (Mon, 25 Feb 2019) | 1 line

added GPG public key to the Apache Myriad KEYS file

r13773 | darinj | 2016-05-24 18:10:18 -0700 (Tue, 24 May 2016) | 1 line

update KEYS file

r10876 | smarella | 2015-10-20 17:14:46 -0700 (Tue, 20 Oct 2015) | 3 lines

Adding KEYS file for Myriad.

Got it?

Regards,
Dave
> 
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS
> 
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
> 


-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

2019-03-14 Thread Justin Mclean

Hi,

But this was there right? [1]

Thanks,
Justin

1. https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

2019-03-14 Thread Dave Fisher

Hi Justin,

SVN shows it was fixed after I sent the email:

$ svn log https://dist.apache.org/repos/dist/release/incubator/myriad

r32935 | javiroman | 2019-03-14 12:10:14 -0700 (Thu, 14 Mar 2019) | 1 line

Apache Myriad KEYS file in releases folder

r14086 | darinj | 2016-06-22 06:05:05 -0700 (Wed, 22 Jun 2016) | 1 line

Adding myriad-0.2.0-incubating.

r11513 | smarella | 2015-12-09 22:51:00 -0800 (Wed, 09 Dec 2015) | 1 line

Adding myriad-0.1.0-incubating.

r10875 | lresende | 2015-10-19 19:57:33 -0700 (Mon, 19 Oct 2015) | 1 line

+= myriad


Regards,
Dave

> On Mar 14, 2019, at 3:32 PM, Justin Mclean  wrote:
> 
> Hi,
> 
>> I’ve been reviewing releases and you are missing your KEYS file from 
>> https://dist.apache.org/repos/dist/release/incubator/myriad/ 
>> 
>> 
>> Your site should refer users to the KEYS file at 
>> https://www.apache.org/dist/incubator/myriad/KEYS 
>> 
> 
> I looked at their release file yesterday and it has a KEYS file. [1], looks 
> like the structure is just not quite what you expect.
> 
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
> 


-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

2019-03-14 Thread Justin Mclean

Hi,

> I’ve been reviewing releases and you are missing your KEYS file from 
> https://dist.apache.org/repos/dist/release/incubator/myriad/ 
> 
> 
> Your site should refer users to the KEYS file at 
> https://www.apache.org/dist/incubator/myriad/KEYS 
> 

I looked at their release file yesterday and it has a KEYS file. [1], looks 
like the structure is just not quite what you expect.

Thanks,
Justin

1. https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS
-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

Re: Releases Require KEYS Files

7 matches

Site Navigation

Mail list logo

Footer information