Re: Encouraging More Women to Participate on Apache Projects?

2016-05-19 Thread Marvin Humphrey
On Thu, May 19, 2016 at 8:17 AM, Sharan Foga wrote: > Hi All > > I'm interested in finding out how we could encourage more women to > participate on Apache projects. It's a discussion topic that came up last > week while I was at Apachecon. My understanding is that we don't

Re: SHA512 by default for GPG sigs

2016-05-19 Thread Christopher
On Thu, May 19, 2016 at 2:43 AM Stian Soiland-Reyes wrote: > In principle +1, a PGP signature based on sha1 is not cryptographically > strong. > > Obviously blindly checking a PGP signature, even after importing the KEYS > from https://www.apache.org/dist, that is also not any

Re: SHA512 by default for GPG sigs

2016-05-19 Thread Martin Desruisseaux
+0 on my side. Seems a good thing, but I may not master all the aspects. Martin Le 18/05/16 à 13:45, Christopher a écrit : > Hi all, > > I'm not sure a better list to get feedback on, but I wanted to bring > attention to the proposal here: > https://issues.apache.org/jira/browse/MPOM-118 >

RE: Encouraging More Women to Participate on Apache Projects?

2016-05-19 Thread Ross Gardler
We do not have current strategies. We've tried many things in the past but they've never really succeeded. I'll not speculate on why, it's a complex issue. What I will say (with my Presidents hat firmly on), is that if folks come up with a strategy that is in line with our charitable mission

Encouraging More Women to Participate on Apache Projects?

2016-05-19 Thread Sharan Foga
Hi All I'm interested in finding out how we could encourage more women to participate on Apache projects. It's a discussion topic that came up last week while I was at Apachecon. My understanding is that we don't have any current strategies in place so I think it could be good to look at

Re: SHA512 by default for GPG sigs

2016-05-19 Thread Sergio Fernández
+1 On Wed, May 18, 2016 at 7:45 PM, Christopher wrote: > Hi all, > > I'm not sure a better list to get feedback on, but I wanted to bring > attention to the proposal here: > https://issues.apache.org/jira/browse/MPOM-118 > > Essentially this is a suggestion to configure the

Re: SHA512 by default for GPG sigs

2016-05-19 Thread Stian Soiland-Reyes
In principle +1, a PGP signature based on sha1 is not cryptographically strong. Obviously blindly checking a PGP signature, even after importing the KEYS from https://www.apache.org/dist, that is also not any proof you got the intended release, just an artifact by someone who previously signed

Re: slides for ApacheCon NA 2016?

2016-05-19 Thread Sergio Fernández
On Wed, May 18, 2016 at 7:05 PM, Rich Bowen wrote: > Session Slides: > Session slides can be found within the schedule. To view slides, click > here - > > http://events.linuxfoundation.org/events/apache-big-data-north-america/program/schedule > - choose the session you’d like