steveloughran commented on PR #3548: URL: https://github.com/apache/parquet-java/pull/3548#issuecomment-4422484668
I like this, and the redaction is good. which is why those tests matter too: they verify that local redaction works. Don't see any documentation though; it does need to get covered in the releasing docs. I think it's good to consider mandating here the concept of having specific project release keys: your parquet signing key != your iceberg signing key != your polaris one, though they'll be signed by your personal key, cross trust each other etc. that way, if a private key is leaked * the fact that someone was using your parquet key to sign an iceberg release would be obvious * revoking the key only declares your parquet releases as untrusted, doesn't affect other projects, or any of your code commits. I had to revoke a key in 2017 and git log was very unhappy about how the history was now full of revoked key commits. https://steveloughran.blogspot.com/2017/10/roca-breaks-my-commit-process.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
