Hypothetically, this requires an in-person meetings between you and someone else in the 'web of trust'. However, creativity is exercised here. If there's someone who feels confident that they can establish your identity as you and not your dog, they can sign your key.
On Tue, Feb 1, 2011 at 7:53 AM, Dan Haywood <[email protected]> wrote: > > On 30/01/2011 21:41, Siegfried Goeschl wrote: >> >> a few bits and pieces from my memory >> >> +) see http://www.apache.org/dev/release-signing.html >> +) upload your key to the key server > > Thanks for this. > > For benefit of others in Isis, I've updated our wiki with all the steps I've > followed to create my public key [1] > > >> +) join a key-signing party >> +) at Apache Commons I did my first release before joining a key signing >> party - that is possible but not encouraged > > When are key signing parties held? I'm guessing it would require a trip > over to ApacheCon, which (a) is a long time away and (b) I'm not sure yet if > I'll be going? > > Is there anything that can be done in lieu of this? Or perhaps one of the > mentors whose key has been signed by others will need to push out the > release when we have it? > > Cheers > Dan > > [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys > > > >> >> Cheers, >> >> Siegfried Goeschl >> >> >> On 1/30/11 7:05 PM, Dan Haywood wrote: >>> >>> As I now understand things, I don't need a key to publish a snapshot, >>> but I will need a key to do the first 0.1 release when we get to that >>> point. >>> >>> In preparation for then, I've generated a public key and added to the >>> Isis Keys file, as per [1]. >>> >>> Do I also need to publish my key to the http://pgp.mit.edu key server? I >>> found some documentation [2] that suggests that it is necessary? >>> >>> Thanks >>> Dan >>> >>> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys >>> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ... >>> penultimate paragraph near the end >>> >>> >> >
