As I mentioned in one of the other threads - we don't need to sign snapshot jars, just release jars and other release artifacts.
Regarding the keys for signing releases - that's per-user, with the key signatures living in /www/www.apache.org/dist/incubator/jclouds/KEYS (which I just created, with my key in there to start) - see http://www.apache.org/dev/release-signing.html for much more information on signing in general. And I'll be putting together a "how to release" doc when we get closer to our first release. And assuming no one objects, I'll manage the first release, since I've done this a few times before for Bigtop and Whirr - then there'll be an example for everyone else to follow. =) A. On Sat, May 11, 2013 at 5:00 PM, Andrew Phillips <[email protected]>wrote: > Quoting David Nalley <[email protected]>: > > On Sat, May 11, 2013 at 4:38 PM, Andrew Phillips <[email protected]> >> wrote: >> >>> Dear Mentors >>> >>> Having just seen a related discussion go by on the incubator list: where >>> would be the recommended place to store the public key for verification >>> of >>> the jclouds JARs? >>> >>> On the website? In the source repo? Elsewhere? >>> >>> Thanks! >>> >>> ap >>> >> >> Link to that discussion? I didn't see it in a brief perusal. >> > > Sorry, I meant this one and the subsequent comments: > > http://mail-archives.apache.**org/mod_mbox/incubator-** > general/201305.mbox/ajax/%**3CCAKprHVazZzUWGPZrTWjRK%2BK_** > yfS-1u1pNZ1AuXrhh0pxBVijsg%**40mail.gmail.com%3E<http://mail-archives.apache.org/mod_mbox/incubator-general/201305.mbox/ajax/%3CCAKprHVazZzUWGPZrTWjRK%2BK_yfS-1u1pNZ1AuXrhh0pxBVijsg%40mail.gmail.com%3E> > > Thanks for the suggestions. Guess the next steps will be to collect all > the relevant keys and aggregate them into the KEYS file... > > Regards > > ap >
