Thanks Julian for answers to both questions!
Cheers,
Jignesh
On 2/12/17, 12:39 AM, "Julian Hyde" <jhyde.apa...@gmail.com> wrote:
I don't know whether it's even possible for more than one person to sign
the release.
The way to make the release more "trustworthy" is to strengthen the release
manager's web of trust. Have a key signing party [1] and sign each other's
keys.
If the one person who signs the release is well established in the Apache
web of trust then the release is clearly a genuine product of the Apache
Software Foundation.
Regarding the report. It's possible that you're now scheduled to report
only once per quarter. Projects are only monthly when they start out.
Julian
[1] https://en.m.wikipedia.org/wiki/Key_signing_party
Sent from my iPad
> On Feb 11, 2017, at 2:04 PM, Jignesh Patel <jmp.quicks...@gmail.com>
wrote:
>
> Hi folks: We are nearly ready to do a release. Anyone else wants to sign
the release along with me?
>
>
>
> Also, I haven’t seen an email about providing input for the usual Podling
report? Anyone else has seen this? I hope I haven’t missed it.
>
>
>
> Cheers,
>
> Jignesh
>
