To Pablo, The public key in use by NPM can be found in this blog "[3] https://blog.npmjs.org/post/172999548390/new-pgp-machinery";. A direct link: https://keybase.io/npmregistry/pgp_keys.asc Quoted from the blog:
> We’ve also chosen to use Keybase > <https://t.umblr.com/redirect?z=https%3A%2F%2Fkeybase.io&t=Y2YyM2E5ZDdhZmM5OTU3ZmQ0ODg0ZTJlODJhZGRlZDg4N2UyYzFkYyxsRDlvMmNtVg%3D%3D&b=t%3AnXsLs1P4AptPf1fBr_nFxw&p=https%3A%2F%2Fblog.npmjs.org%2Fpost%2F172999548390%2Fnew-pgp-machinery&m=1&ts=1602276950> > to > publicize our PGP key and give you confidence that the npm registry you > install from is the same registry that’s signing packages. Our account on > Keybase is npmregistry > <https://t.umblr.com/redirect?z=https%3A%2F%2Fkeybase.io%2Fnpmregistry&t=M2Y4OWQ5M2YxOTNjOGYzNzI5Yzc2ZjE2YTVkY2MxMjgxNjYxNDdhMCxsRDlvMmNtVg%3D%3D&b=t%3AnXsLs1P4AptPf1fBr_nFxw&p=https%3A%2F%2Fblog.npmjs.org%2Fpost%2F172999548390%2Fnew-pgp-machinery&m=1&ts=1602276950> > . Keybase can be found here: https://keybase.io/ Thanks! Ning. On Fri, Oct 9, 2020 at 1:53 PM Pablo Estrada <pabl...@google.com> wrote: > +1 > I installed the extension and reviewed it as well. > > I have a question: You mention that NPM will sign the package. What key > will it use? We may need to upload your pgp key to the Beam list of keys? > Thanks Ning! > -P. > > On Tue, Oct 6, 2020 at 2:57 PM Ning Kang <ni...@google.com> wrote: > >> Please review the release of the following jupyter labextension >> (TypeScript node package) for running Beam notebooks in JupyterLab: >> * apache-beam-jupyterlab-sidepanel >> >> Hi everyone, >> Please review and vote on the release candidate #1 for the version 1.0.0, >> as follows: >> [ ] +1, Approve the release >> [ ] -1. Do not approve the release (please provide specific comments) >> >> The complete staging area is available for your review, which includes: >> * the assets (only the >> `sdks/python/apache_beam/runners/interactive/extensions/apache-beam-jupyterlab-sidepanel` >> sub directory) to be published to npmjs.com [1] >> * commit hash "b7ae7bb1dc28a7c8f26e9f48682e781a74e2d3c4" [2] >> * package will be signed by NPM once published; the pgp machinery [3] >> >> Additional details: >> * to install the package before it being published, install it locally by >> cloning the Beam repo or downloading the assets: >> >> git checkout jupyterlab-sidepanel-v1.0.0 -b some-branch # if cloning the >> repo, do this step >> >> pushd sdks/python/apache_beam/runners/interactive/extensions/apache-beam- >> jupyterlab-sidepanel >> >> jlpm >> >> jlpm build >> >> jupyter labextension link . >> * screenshots of the extension [4] >> * a publish dry run: >> >> npm notice === Tarball Details === >> >> npm notice name: apache-beam-jupyterlab-sidepanel >> >> npm notice version: 1.0.0 >> >> npm notice package size: 19.8 kB >> >> npm notice unpacked size: 101.9 kB >> >> npm notice shasum: 7f896de0d6e587aab2bef348a6e94f95f75f280f >> >> npm notice integrity: sha512-hdkn2Ni2S0roY[...]ShMK2/MAbQvyQ== >> >> npm notice total files: 51 >> >> npm notice >> >> + apache-beam-jupyterlab-sidepanel@1.0.0 >> >> The vote will be open for at least 72 hours. It is adopted by majority >> approval, with at least 3 PMC affirmative votes. >> >> Thanks! >> >> [1] >> https://github.com/apache/beam/releases/tag/jupyterlab-sidepanel-v1.0.0 >> [2] >> https://github.com/apache/beam/commit/b7ae7bb1dc28a7c8f26e9f48682e781a74e2d3c4 >> [3] https://blog.npmjs.org/post/172999548390/new-pgp-machinery >> [4] >> https://docs.google.com/document/d/1aKK8TzSrl8WiG0K4v9xZEfLMCinuGqRlMOyb7xOhgy4/edit#heading=h.he7se5yxfo7 >> >
