Hi, My key here: http://pgp.mit.edu:11371/pks/lookup?search=Raido+Kuli&op=index
-- Raido On 28.10.2010, at 20:41, Paul Sharples wrote: > On 28/10/2010 15:26, Scott Wilson wrote: >> On 28 Oct 2010, at 10:19, Kris Popat wrote: >> >> >>> Hi >>> >>> On 26 Oct 2010, at 17:46, Scott Wilson wrote: >>> >>> >>>> Hi everyone, >>>> >>>> I've been through the source code and licenses, and updated our existing >>>> license documentation, and created the LICENSE and NOTICE files. I'm >>>> satisfied we're in good shape in terms of the License Audit and Legal >>>> Audit part of the release process [1]. >>>> >>>> I've also done work on the documentation; it still needs testing against >>>> the release but is in a reasonable state now. >>>> >>>> As far as the tracker goes, there is now only one issue outstanding issue >>>> [2]. >>>> >>>> I can't remember offhand the deadline we set for ourselves - are we still >>>> on target? What's next? >>>> >>> Looks like we need to do testing and verifying of issues. >>> >>> After this I think we should create the release branch, or do people think >>> we should do it now? >>> >> I guess if verifying the issues shows up something that needs an urgent fix >> it would be a pain to have to sync branch and trunk. Also we may end up >> committing more unit tests in the process. Lets just get the issues verified >> as soon as we can! >> >> >>> I've updated the section on signatures on the release doc - included here. >>> >>> >>> The committers for the project need to provide public keys for the release, >>> each person who submits a key needs to keep the private key safe. These >>> will be included with the release in a KEYS file. The process of creating a >>> key pair should be consistent across the committers. Apache recommend >>> using GNU Privacy Guard to generate keys and sign the artifacts. >>> >> My public key is listed here: >> >> http://pgp.mit.edu:11371/pks/lookup?search=Scott+Wilson+%3Cscott.bradley.wilson%40gmail.com%3E+&op=index >> >> > Mine is here... > > http://pgp.mit.edu:11371/pks/lookup?search=paul+sharples&op=index >>> Committers without a code signing key should generate one - RSA 4096 bits >>> >>> If committers have a DSA or RSA key of less than 2048 bits then a new one >>> should be generated for signing releases, again using RSA 4096 bit. >>> >>> For committers who already have an RSA key of 2048 bits or more some >>> configuration of their client to avoid weaknesses are required. >>> Instructions on how to do this can be found here. >>> >>> >>> >>> Kris >>> >> >
