> > However, I do not believe that signing should be done on minotaur. It > > should be done on the Release Manager's personal system where (s)he has > > control over the private key. I don't like the idea of having private keys > > on minotaur.
> To be argumentative, shouldn't Apache have control over the keys though? Why? In the case of C/C++ programs, the builds are generally done on multiple platforms. And that may also be why they post releases and THEN vote on them, rather than just voting based upon the CVS. It gives people a chance to make sure that the build was done properly. I recently pointed out that a very large percentage of an Avalon release candidate consisted of many replicated dozens of copies of the Apache License file. I would not have been able to point that out if there weren't an actual Release Candidate to evaluate. > One plus reason for not using Apache servers: some kind of version change > or something has happened on minotaur as I get errors when running certain > commands. Which ones? If something needs to be corrected, infrastructure needs to know. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]