[
https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16915113#comment-16915113
]
ASF subversion and git services commented on SINGA-456:
-------------------------------------------------------
Commit c28df010ecdb79a334674982a3881fb9a224347a in incubator-singa's branch
refs/heads/master from Moaz Reyad
[ https://gitbox.apache.org/repos/asf?p=incubator-singa.git;h=c28df01 ]
SINGA-456 Add KEYS file
> Adding more PGP Keys
> --------------------
>
> Key: SINGA-456
> URL: https://issues.apache.org/jira/browse/SINGA-456
> Project: Singa
> Issue Type: Improvement
> Reporter: Moaz Reyad
> Priority: Major
> Attachments: KEYS
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS]
> file has only one PGP key which is expiring this September (it needs to be
> updated). This means only one person can sign the releases. While other
> projects like CouchDB for example, have several keys in the [KEYS
> |https://www.apache.org/dist/couchdb/KEYS] file.
> It will be useful if every active Apache committer in the team create a PGP
> key and uploads the Public Key Primary Fingerprint to his account using
> [Apache Account Utility|https://id.apache.org/]. Then append the new key to
> the SINGA KEYS file.
> Furthermore, the keys themselves can be signed for more trust. SINGA team can
> exchange key signatures between them or organize a [key signing
> party|https://www.apache.org/dev/release-signing#key-signing-party]. This
> will help adding more SINGA committers into the [Apache Web of
> Trust|https://www.apache.org/dev/release-signing#web-of-trust].
> I attach with this issue the KEYS file with my key appended at the end.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
