On Fri, 6 Sep 2013, Allison, Timothy B. wrote:
Log-in on people.apache.orgdeploy Maven artifacts {code} cd build/dist ./mvn-deploy.sh {code}According to mvn-deploy.sh, I have to have a link to my private key and enter my passphrase in the clear in xml on the people.apache.org server. Is this my pgp/gpg signing key or a different key? If pgp, doesn't this conflict with guidance of key security from Apache? If not, apologies for my denseness.
I think you can do that step on your local machine, not on people.apache.org . That way, your gpg key remains safe on your local box not shared
The artifacts, once signed, get pushed via people.apache.org, but I don't think the script should be run there
2. Make sure that the files are owned by the unix group apcvs and that they are writable by this group.
That should be "unix group poi" Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
