[
https://issues.apache.org/jira/browse/CASSANDRA-14968?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16760645#comment-16760645
]
mck commented on CASSANDRA-14968:
---------------------------------
[~mshuler],
{quote}I personally would not upload my private key anywhere, regardless of
what ASF's opinion on that might be{quote}
You're correct in your opinion. The ASF forbids the private key that's used to
even be stored on ASF hardware. It must be stored on your machine, and for it
to be a machine you have full admin control over.
http://www.apache.org/dev/release-signing.html#basic-facts
http://www.apache.org/dev/release-distribution.html#sigs-and-sums
> Investigate GPG signing of deb and rpm repositories via bintray
> ---------------------------------------------------------------
>
> Key: CASSANDRA-14968
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14968
> Project: Cassandra
> Issue Type: Bug
> Reporter: Michael Shuler
> Priority: Major
> Labels: packaging
>
> Currently, the release manager uploads debian packages and built/signed
> metadata to a generic bintray repository. Perhaps we could utilize the GPG
> signing feature of the repository, post-upload, via the bintray GPG signing
> feature.
> https://www.jfrog.com/confluence/display/BT/Managing+Uploaded+Content#ManagingUploadedContent-GPGSigning
> Depends on CASSANDRA-14967
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
