> > However, I do not believe that signing should be done on minotaur. It
> > should be done on the Release Manager's personal system where (s)he has
> > control over the private key. I don't like the idea of having private
keys
> > on minotaur.
> To be argumentative, shouldn't Apache have control over the keys though?
Why? In the case of C/C++ programs, the builds are generally done on
multiple platforms. And that may also be why they post releases and THEN
vote on them, rather than just voting based upon the CVS. It gives people a
chance to make sure that the build was done properly. I recently pointed
out that a very large percentage of an Avalon release candidate consisted of
many replicated dozens of copies of the Apache License file. I would not
have been able to point that out if there weren't an actual Release
Candidate to evaluate.
> One plus reason for not using Apache servers: some kind of version change
> or something has happened on minotaur as I get errors when running certain
> commands.
Which ones? If something needs to be corrected, infrastructure needs to
know.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
