8am in Durban South Africa is 11pm the night before in Phoenix AZ. However, I frequently am up until midnight so that could work. 5-5:30 pm is 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday until 8 am but on occasion I can do earlier.
Ralph > On Sep 20, 2020, at 9:46 AM, Davyd McColl <dav...@gmail.com> wrote: > > Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my son > from school) > > -d > > > On September 20, 2020 18:44:19 Matt Sicker <boa...@gmail.com> wrote: > >> We’re not quite as strict as Debian for keys (though if you can find a >> Debian group locally, they’re great for key signing). The video call idea >> could work for exchanging keys. What times would you be available to do >> that? >> >> On Sun, Sep 20, 2020 at 03:09 Davyd McColl <dav...@gmail.com> wrote: >> >>> Hi Ralph >>> >>> >>> >>> I think I miscommunicated: I'm not regenerating my signing key - just the >>> >>> nuget API key for package upload. This forces me to log in in nuget.org >>> >>> which has 2fa and then I only use that key on the cli for the immediate >>> upload. >>> >>> >>> >>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I >>> used >>> >>> last time. >>> >>> >>> >>> -d >>> >>> >>> >>> >>> >>> On September 20, 2020 09:01:36 Ralph Goers <ralph.go...@dslextreme.com> >>> wrote: >>> >>> >>> >>> > In the long run you don’t want to be regenerating your signing key for >>> >>> > every release. The point is that you would upload the key to a central >>> >>> > keystore and other people would sign it there. At ApacheCon we would >>> have a >>> >>> > key signing “party” where we recorded each others keys and then would >>> take >>> >>> > our list and update the central keystore. When people verify the key >>> they >>> >>> > can look at the keystore and see that it is signed by a number of >>> people, >>> >>> > who then have their keys by a number of people and so on so you are >>> >>> > building a web of trust. Sooner or later there will be someone in that >>> web >>> >>> > that you personally know and trust. >>> >>> > >>> >>> > Ralph >>> >>> > >>> >>> >> On Sep 19, 2020, at 11:26 PM, Davyd McColl <dav...@gmail.com> wrote: >>> >>> >> >>> >>> >> Thanks Matt, I've updated the artifacts on GitHub to have detached >>> >>> >> signatures. I had previously also uploaded my key to sks-keyservers.net, >>> >>> >>> >> but I've also uploaded to MIT, though search there always times out. >>> >>> >> >>> >>> >> The document you've linked mentions face-to-face interactions to get my >>> key >>> >>> >> into the official KEYS file. Not sure how many apache people are at my >>> end >>> >>> >> of the world (Durban, South Africa), but I can do an online meeting if >>> that >>> >>> >> helps. Last release, Ralph said I should sign, so I did. I'm new to >>> signing >>> >>> >> release artifacts - I've generally relied on authentication during >>> upload >>> >>> >> as verification of authenticity, with 2FA wherever possible (GitHub and >>> >>> >> NPM; nuget survives with an apikey - but for the last 2 releases, I've >>> >>> >> regenerated the key on each use and only supplied it on the cli at >>> upload, >>> >>> >> so as not to store it locally) >>> >>> >> >>> >>> >> -d >>> >>> >> >>> >>> >> >>> >>> >> On September 19, 2020 22:23:41 Matt Sicker <boa...@gmail.com> wrote: >>> >>> >> >>> >>> >>> Oh and there's a bit of an issue with the signed files: it looks like >>> >>> >>> you included _signed files_ rather than detached signatures. Thus, the >>> >>> >>> .asc files are only verifying themselves rather than the accompanying >>> >>> >>> file. >>> >>> >>> >>> >>> >>> There's a --detached option in gpg for this (yeah, it's always had a >>> bad UI). >>> >>> >>> >>> >>> >>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker <boa...@gmail.com> wrote: >>> >>> >>>> >>> >>> >>>> The KEYS file [1] that's linked on the download page does not have >>> >>> >>>> your key in it. Neither does other KEYS file [2]. Check out [3] for >>> >>> >>>> more info. >>> >>> >>>> >>> >>> >>>> [1]: https://downloads.apache.org/logging/log4net/KEYS >>> >>> >>>> [2]: https://downloads.apache.org/logging/KEYS >>> >>> >>>> [3]: https://infra.apache.org/release-signing.html#keys-policy >>> >>> >>>> >>> >>> >>>> >>> >>> >>>> >>> >>> >>>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl <dav...@gmail.com> wrote: >>> >>> >>>> > >>> >>> >>>> > Thanks Matt, I've done so. Hopefully that makes it easier to verify >>> >>> >>>> > artifacts that I have signed. >>> >>> >>>> > >>> >>> >>>> > -d >>> >>> >>>> > >>> >>> >>>> > >>> >>> >>>> > On September 18, 2020 23:11:48 Matt Sicker <boa...@gmail.com> >>> wrote: >>> >>> >>>> > >>> >>> >>>> > > If you upload your key to your GitHub profile, that also makes it >>> >>> >>>> > > simple to find. For example, just add ".gpg" to your profile URL: >>> >>> >>>> > > https://github.com/fluffynuts.gpg >>> >>> >>>> > > >>> >>> >>>> > > On Fri, 18 Sep 2020 at 16:08, Remko Popma <remko.po...@gmail.com> >>> wrote: >>> >>> >>>> > >> >>> >>> >>>> > >> +1 remko >>> >>> >>>> > >> >>> >>> >>>> > >> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker <boa...@gmail.com> >>> wrote: >>> >>> >>>> > >> >>> >>> >>>> > >> > How about your gpg key? I don't think we've imported that to >>> the KEYS >>> >>> >>>> > >> > file as far as I can tell? >>> >>> >>>> > >> > >>> >>> >>>> > >> > On Fri, 18 Sep 2020 at 15:53, Matt Sicker <boa...@gmail.com> >>> wrote: >>> >>> >>>> > >> > > >>> >>> >>>> > >> > > Oh sorry, I didn't notice that you uploaded them there >>> (wasn't even >>> >>> >>>> > >> > > aware that it was possible to be honest). >>> >>> >>>> > >> > > >>> >>> >>>> > >> > > On Fri, 18 Sep 2020 at 14:43, Davyd McColl <dav...@gmail.com> >>> wrote: >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > Hi Matt >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > Release artifacts are available on the GitHub release page >>> >>> >>>> > >> > > > (https://GitHub.com/Apache/logging-log4net/releases) - >>> expand the >>> >>> >>>> > >> > assets >>> >>> >>>> > >> > > > list if it's collapsed. >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > I'll need someone to upload them to the downloads source >>> as I >>> >>> >>>> think I >>> >>> >>>> > >> > don't >>> >>> >>>> > >> > > > have access to do so (if I'm wrong, I'd love to be >>> corrected, >>> >>> >>>> because >>> >>> >>>> > >> > I'd >>> >>> >>>> > >> > > > be less of an annoyance then!). Ralph has stepped in to >>> help here in >>> >>> >>>> > >> > the past. >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > -d >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > On September 18, 2020 20:09:07 Matt Sicker < >>> boa...@gmail.com> wrote: >>> >>> >>>> > >> > > > >>> >>> >>>> > >> > > > > Do you have links to the release artifacts? The download >>> page >>> >>> >>>> links >>> >>> >>>> > >> > to >>> >>> >>>> > >> > > > > the live site which doesn't have the artifacts yet since >>> >>> >>>> they're not >>> >>> >>>> > >> > > > > released yet. :) >>> >>> >>>> > >> > > > > >>> >>> >>>> > >> > > > > On Fri, 18 Sep 2020 at 09:05, Davyd McColl >>> >>> >>>> <davyd.mcc...@codeo.co.za> >>> >>> >>>> > >> > wrote: >>> >>> >>>> > >> > > > >> >>> >>> >>>> > >> > > > >> Hi all >>> >>> >>>> > >> > > > >> >>> >>> >>>> > >> > > > >> I have another potential release available: 2.0.11, >>> tagged as >>> >>> >>>> > >> > rc/2.0.11 >>> >>> >>>> > >> > > > >> >>> >>> >>>> > >> > > > >> Changes are really minor: >>> >>> >>>> > >> > > > >> - fixed assembly versioning (all assemblies should >>> report >>> >>> >>>> 2.0.11.0 >>> >>> >>>> > >> > as their >>> >>> >>>> > >> > > > >> version now) >>> >>> >>>> > >> > > > >> - properly dispose of StreamWriters within logging >>> appenders >>> >>> >>>> > >> > (thanks to >>> >>> >>>> > >> > > > >> @NicholasNoise) >>> >>> >>>> > >> > > > >> >>> >>> >>>> > >> > > > >> Binaries are up at >>> >>> >>>> > >> > > > >> >>> >>> >>>> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 >>> >>> >>>> > >> > and I've >>> >>> >>>> > >> > > > >> pushed to asf-staging for logging, now up at >>> >>> >>>> > >> > > > >> >>> https://logging.staged.apache.org/log4net/download_log4net.html >>> >>> >>>> > >> > > > >> >>> >>> >>>> > >> > > > >> Thanks >>> >>> >>>> > >> > > > >> -d >>> >>> >>>> > >> > > > > >>> >>> >>>> > >> > > > > >>> >>> >>>> > >> > > > > >>> >>> >>>> > >> > > > > -- >>> >>> >>>> > >> > > > > Matt Sicker <boa...@gmail.com> >>> >>> >>>> > >> > > >>> >>> >>>> > >> > > >>> >>> >>>> > >> > > >>> >>> >>>> > >> > > -- >>> >>> >>>> > >> > > Matt Sicker <boa...@gmail.com> >>> >>> >>>> > >> > >>> >>> >>>> > >> > >>> >>> >>>> > >> > >>> >>> >>>> > >> > -- >>> >>> >>>> > >> > Matt Sicker <boa...@gmail.com> >>> >>> >>>> > >> > >>> >>> >>>> > > >>> >>> >>>> > > >>> >>> >>>> > > >>> >>> >>>> > > -- >>> >>> >>>> > > Matt Sicker <boa...@gmail.com> >>> >>> >>>> >>> >>> >>>> >>> >>> >>>> >>> >>> >>>> -- >>> >>> >>>> Matt Sicker <boa...@gmail.com> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> -- >>> >>> >>> Matt Sicker <boa...@gmail.com> >>> >>> > >>> >>> > >>> >>> -- >> Matt Sicker <boa...@gmail.com>
