Hi Andrew,
here are some basic docs:
http://www.apache.org/dev/release-signing.html
http://www.apache.org/dev/openpgp.html#update
I could not find information on your specific question. At log4php we were
curious recently about the same and decided to go with this:
think
orcmid@ a.o is subscribed to this list [;).
-Original Message-
From: Christian Grobmeier [mailto:grobme...@gmail.com]
Sent: Sunday, June 2, 2013 01:24 AM
To: general@incubator.apache.org
Subject: Re: Correct process for signing keys?
Hi Andrew,
here are some basic docs:
http
Hi Christian, Dennis
Thanks for your responses and the links provided. By the sounds of it
we're all roughly in the same position: aware of the different options
and not 100% certain which is the current correct one, or if indeed
all options are equally valid. Unfortunately, the docs also
I think that the RM _must_ have a key, that the key must be part of a
KEYS file in svn/git, and that it _should_ be uploaded into their
Apache account, and it is more better if it is signed into the GWOT
(global web of trust).
-
Well, I've got the first three, and will bug coworkers in the GWOT to sign
my key next week. =)
A.
On Sun, Jun 2, 2013 at 2:13 PM, Benson Margulies bimargul...@gmail.comwrote:
I think that the RM _must_ have a key, that the key must be part of a
KEYS file in svn/git, and that it _should_ be
Hi all
Apologies in advance if this is not the correct audience for this
question: what is the correct process now for publishing signing keys
for releases? jclouds currently has a KEYS file [1]; there is another
(different) file containing keys in the groups list [2] on
people.apache,