FYI: If you are a committer you should get your key(s) up asap: ---------- Forwarded message ---------- From: Daniel Shahaf <danie...@apache.org> Date: Thu, May 5, 2011 at 8:51 AM Subject: Centralized KEYS files on https://people.apache.org/ To: committ...@apache.org
The following is now implemented: If you login to https://id.apache.org and enter PGP key fingerprint(s), then the corresponding keys will within a few hours be made available under https://people.apache.org/keys/ , at URLs such as the following: https://people.apache.org/keys/committer/danielsh.asc (my key) https://people.apache.org/keys/group/httpd.asc (all httpd committers' keys). This arrangement is independent of the PGP fingerprints in ^/committers/info/, it does not pull fingerprints listed there. We recommend projects transition from KEYS files to /keys/group/$pmc.asc files managed via https://id.apache.org/. We have pre-filled this with the keys listed on the public http://people.apache.org pages (which are built from the information in ^/committers/info/ in the private repository). Some keys were not added, you can add those manually. You can edit or remove the listed keys via https://id.apache.org/. Documentation will follow on www.apache.org/dev/ later; it's basically "enter the fingerprint or keyid in a format that 'gpg --recv-key' is happy with". Questions, patches, bugs, flames: to infrastructure@ (about id.a.o) or site-dev@ (about the scripts generating the keys/ directory). Thanks to pctony; bugs by me. Daniel
