On Sun, 18 Feb 2024 at 23:46, sebbaz(Test) <sebbaz+t...@gmail.com> wrote: > > On Sun, 18 Feb 2024 at 17:14, Craig Russell <apache....@gmail.com> wrote: > > > > As you might have notices, we received an SGA signed with a GPG key. Whimsy > > verified the key but as far as I can see, the filing process did not store > > the key in the repository. > > Note that all the sig checks are done in the same routine, which saves > the key if it was successfully imported. > > It tried to save the SGA key, but failed; there was a problem with the > credentials (which I will try to fix). > > Was no error reported? > > > Perhaps we should change the name of the key repository to reflect that any > > of several documents might be signed, and change the code to store the key > > if it is used to sign any of the documents. > > > > The __keys__ directory is currently under iclas; perhaps it should be > moved to the same level as the iclas, cclas and grants.
Upon further checking, this would entail setting up a new entry SVN auth entry with the appropriate permissions; not sure it's worth it. > > WDYT? > > > > Craig L Russell > > c...@apache.org > >
