> On Mar 14, 2019, at 5:11 PM, Nick Kew <n...@apache.org> wrote: > > > >> On 14 Mar 2019, at 17:49, Dave Fisher <w...@apache.org> wrote: >> >> Hi - >> >> I’ve been reviewing releases and you are missing your KEYS file from >> https://dist.apache.org/repos/dist/release/incubator/myriad/ >> <https://dist.apache.org/repos/dist/release/incubator/myriad/> >> >> Your site should refer users to the KEYS file at >> https://www.apache.org/dist/incubator/myriad/KEYS >> <https://www.apache.org/dist/incubator/myriad/KEYS> > > ASF maintains foundation-wide keys at > https://people.apache.org/keys/committer/ . > Isn't that a better resource to reference than for individual projects to > replicate KEYS? > Especially for the many folks who are involved with multiple projects!
These are the KEYS for the release managers of the podling/project so that the users of the download artifact can validate the signature. We are following Release Distribution Policy. For fun you can take a look at checker.apache.org <http://checker.apache.org/>. Some people don’t sign releases with their personal key, but use a code signing key. Often a podling RM is new to Apache … there is enough to teach. Feel free to see about making the change, but this volunteer is not going to do a thing with changing that. ;-) If the ASF wants to pay a large amount of $ then I’ll think about. ;-) Regards, Dave > > -- > Nick Kew > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >