I would be happy to do this. My old Apache key is still live, but it isn't
in the KEYS file yet. I can add it easily enough.

One quick note. The fact that a key is in the KEYS file is enough of a web
of trust in Apache. This is because only a committer can put it there.
There is a further cross check with the SVN file.

It is a very nice thing to do, however, to cross-sign keys. It is also a
very tricky thing to do during COVID times.

I will go ahead and cross-sign Laurent's key once we have the phone call so
that we have a bit of traceability this time.




On Mon, May 24, 2021 at 4:45 PM Laurent Goujon <laur...@dremio.com> wrote:

> Yes, I was thinking of doing a zoom meeting where I would show proof of id
> + key id. Especially because of Covid, that seems the easiest option.
>
> On Mon, May 24, 2021, 16:08 Ted Dunning <ted.dunn...@gmail.com> wrote:
>
> > Laurent,
> >
> > The critical question here is how you can substantiate this key. In
> > person, with a government ID, this would be easy.
> >
> > Do you know a committer personally who could vouch for you? Would you be
> > interested in having a video call where you can present some ID?
> >
> > On Mon, May 24, 2021 at 3:24 PM Laurent Goujon <laur...@dremio.com> wrote:
> >
> > > Hi,
> > >
> > > I opened a pull request to add my public GPG keys to the KEYS file at
> > > the root of the project:
> > > https://github.com/apache/drill/pull/2234
> > >
> > > Sadly this key is not part of the Web Of Trust, and I would need
> > > someone part of it to validate my key. And also a PMC member to add it
> > > to the Drill release SVN repository.
> > >
> > > Anybody interested?
> > >
> > > Laurent
> > >
> >
>
