Hi, > And I just noticed, when writing the release-documentation .... we should do > a PGP Keysigning session at the meetup.
Good idea. > Apache Releases are built around PGP keys. However currently I would be the > only one able to do a release as I'm the only one who has a key signed by > other Apache people. AFAIK It’s a nice to have not a requirement. Given that only people with Apache accounts can place the artefacts in the dist area and if it signed with an an known apache email address whose KEY is in the KEYS file you can be reasonably sure. Thanks, Justin
