Thanks I just saw your tweet
On Wed, Mar 5, 2014 at 10:42 PM, Andrew Grieve <[email protected]> wrote: > Just moved SetUpGpg wiki into coho as well since that's very release > process applicable. Problem is just that the github mirrors are not > up-to-date yet. You can see all the docs via apache's gitweb: > > > https://git-wip-us.apache.org/repos/asf?p=cordova-coho.git;a=blob;f=docs/setting-up-gpg.md > > I've tweeted my gpg fingerprint: https://twitter.com/GrieveAndrew. Just as > good as a phone call? > > If someone figures out how to use gpg --edit-key to fix up this message, > would be good to paste the commands into setting-up-gpg.md. > > > > On Wed, Mar 5, 2014 at 9:26 PM, Carlos Santana <[email protected]> > wrote: > > > I think I found the information here > > https://www.apache.org/info/verification.html > > > > Based on this *"Some people are satisfied by reading the key signature > over > > a telephone (voice verification). "* > > > > Should I give you a call Andrew? :-p > > > > By they way shouldn't the "KEYS" file be located in the download > directory > > also? https://dist.apache.org/repos/dist/dev/cordova/iab/ > > > > > > --Carlos > > > > > > > > On Wed, Mar 5, 2014 at 9:02 PM, Carlos Santana <[email protected]> > > wrote: > > > > > With the new process in place, where is documentation on how to verify > > the > > > signing and key stuff > > > > > > Was not able to find in the repo: > > > > > > https://github.com/apache/cordova-coho/tree/master/docs > > > > > > > > > > > > > > > On Wed, Mar 5, 2014 at 5:01 PM, Ian Clelland <[email protected] > > >wrote: > > > > > >> I've seen that before -- it just means that you haven't declared, > > >> explicitly or implicitly, that you trust that the signing key is > really > > >> Andrew's. > > >> > > >> The important line should be above that, and should say > > >> > > >> gpg: Good signature from "Andrew Grieve (CODE SIGNING KEY) < > > >> [email protected]>" > > >> > > >> What you can do right now is run "gpg --fingerprint", and then have > > Andrew > > >> do that same, and verify that they match. Then you can safely ignore > the > > >> message :) > > >> > > >> The long term solution is to get Andrew's (and Steven's, and anyone > > >> else's) > > >> public key signed by some Apache folks. Apparently there's a key > signing > > >> party at every ApacheCon, so that'll be a good time to do it. > > >> > > >> > > >> -------- > > >> Instead of ignoring the message, you can also sign the key with your > > own: > > >> > > >> $ gpg --edit-key [email protected] > > >> > sign > > >> > save > > >> > > >> > > >> > > >> On Wed, Mar 5, 2014 at 3:19 PM, Michal Mocny <[email protected]> > > wrote: > > >> > > >> > +1 > > >> > > > >> > However, gpg --verify gives me: > > >> > > > >> > gpg: WARNING: This key is not certified with a trusted signature! > > >> > gpg: There is no indication that the signature belongs to > the > > >> > owner. > > >> > > > >> > I don't recall seeing this before. I had to add your new key to > verify > > >> this > > >> > time. > > >> > > > >> > -Michal > > >> > > > >> > > > >> > On Wed, Mar 5, 2014 at 2:45 PM, Andrew Grieve <[email protected] > > > > >> > wrote: > > >> > > > >> > > Please review and vote on the release of this inappbrowser > release. > > >> > > > > >> > > The plugin has been publish here: > > >> > > https://dist.apache.org/repos/dist/dev/cordova/iab/ > > >> > > > > >> > > It is the same as the recently published 0.3.2, except with: > > >> > > * CB-6172 Fix broken install on case-sensitive file-systems > > >> > > > > >> > > The packages were published from their corresponding git tags: > > >> > > cordova-plugin-inappbrowser: 0.3.3 (a5dedae631) > > >> > > > > >> > > Upon a successful vote I will upload the archives to dist/, upload > > >> them > > >> > to > > >> > > the Plugins Registry, and post the corresponding blog post. > > >> > > > > >> > > Voting will go on for a minimum of 20 hours. > > >> > > > > >> > > I vote +1. > > >> > > > > >> > > > >> > > > > > > > > > > > > -- > > > Carlos Santana > > > <[email protected]> > > > > > > > > > > > -- > > Carlos Santana > > <[email protected]> > > > -- Carlos Santana <[email protected]>
