Hi all
Apologies in advance if this is not the correct audience for this
question: what is the correct process now for publishing signing keys
for releases? jclouds currently has a KEYS file [1]; there is another
(different) file containing keys in the groups list [2] on
people.apache, and most individual committers *also* have their
personal keys automatically retrieved via people.apache (e.g. [3]).
In an email thread on this topic Brian (McCallister) indicated that:
Upon investigation, if release signing keys are published via
https://people.apache.org/keys/ then we don't need a KEYS file and
should remove it.
-Brian
In that case, I'd be grateful if you could give some guidance on what
the validity of the other approaches (KEYS file published somewhere or
group KEYS file) is, and what we should do with those files, if
anything.
Thanks!
Andrew
[1] http://www.apache.org/dist/incubator/jclouds/KEYS
[2] https://people.apache.org/keys/group/jclouds.asc
[3] https://people.apache.org/keys/committer/andrewp.asc
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
