Re: centralized KEYS file?
+1 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
I've done the below. * New central KEYS file in place. * README.txt's changed to point to the new one. * jakarta.apache.org download page points to the new one. * Old KEYS files deleted * central KEYS file added to svn * KEYS files in individual components removed (13 had them) * find performed for jakarta.apache.org/commons to make sure nothing has urls to the removed KEYS Tim's expired key has been used. Robert's hasn't (afaict), so we can remove that one. On 6/13/07, Henri Yandell <[EMAIL PROTECTED]> wrote: I think we'd just delete them. There'd be a KEYS file one higher in the hierarchy, and the downloads.xml page can be changed to link to that top one. Also need to check there are no links to KEYS within the commons space. Hen On 6/12/07, Jochen Wiedmann <[EMAIL PROTECTED]> wrote: > And replace the current KEYS files with soft links? Dunno how the > mirrors handle that. > > > -- > "Besides, manipulating elections is under penalty of law, resulting in > a preventative effect against manipulating elections. > > The german government justifying the use of electronic voting machines > and obviously believing that we don't need a police, because all > illegal actions are forbidden. > > http://dip.bundestag.de/btd/16/051/1605194.pdf > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
On 14/06/07, Ben Speakmon <[EMAIL PROTECTED]> wrote: > Let's deal with them after we get things merged (which I'm doing right > now in fact :) ). > > What do we do with the above? Getting rid of them is only a problem if they were used to sign a release. If so, we need to resign such releases with valid keys before throwing them out permanently. Good point. However there will be copies of the KEYS files in the dist (and archive) directories. One way to deal with this would be to create the KEYS file with all the entries, and then remove any expired keys that are not used in current releases. So the key would still be recoverable via SVN and from the archives. Just a suggestion. S - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
Let's deal with them after we get things merged (which I'm doing right now in fact :) ). What do we do with the above? Getting rid of them is only a problem if they were used to sign a release. If so, we need to resign such releases with valid keys before throwing them out permanently.
Re: centralized KEYS file?
On 6/14/07, sebb <[EMAIL PROTECTED]> wrote: On 13/06/07, Ben Speakmon <[EMAIL PROTECTED]> wrote: > I condensed all KEYS files from dist/jakarta/commons into the file at: > > http://people.apache.org/~bspeakmon/KEYS-commons-proper.gpg > > I only removed duplicates and made sure the whole thing imported correctly > into my gpg; I didn't try to verify them against a store or check for > expiry. The following have expired: sub 1024g/6AE82A1A 2003-11-23 [expires: 2005-11-22] sig DB00048C 2003-11-23 Tim O'Brien <[EMAIL PROTECTED]> and sub 1056g/EF8E1258 2003-08-27 [expires: 2005-08-26] sig F2A46D40 2003-08-27 Rob Leland (For Uploading Builds/Releases) <[EMAIL PROTECTED]> Let's deal with them after we get things merged (which I'm doing right now in fact :) ). What do we do with the above? Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
On 13/06/07, Ben Speakmon <[EMAIL PROTECTED]> wrote: I condensed all KEYS files from dist/jakarta/commons into the file at: http://people.apache.org/~bspeakmon/KEYS-commons-proper.gpg I only removed duplicates and made sure the whole thing imported correctly into my gpg; I didn't try to verify them against a store or check for expiry. The following have expired: sub 1024g/6AE82A1A 2003-11-23 [expires: 2005-11-22] sig DB00048C 2003-11-23 Tim O'Brien <[EMAIL PROTECTED]> and sub 1056g/EF8E1258 2003-08-27 [expires: 2005-08-26] sig F2A46D40 2003-08-27 Rob Leland (For Uploading Builds/Releases) <[EMAIL PROTECTED]> Not sure what needs to be done with it from here...? On 6/12/07, Jochen Wiedmann <[EMAIL PROTECTED]> wrote: > > And replace the current KEYS files with soft links? Dunno how the > mirrors handle that. > > > -- > "Besides, manipulating elections is under penalty of law, resulting in > a preventative effect against manipulating elections. > > The german government justifying the use of electronic voting machines > and obviously believing that we don't need a police, because all > illegal actions are forbidden. > > http://dip.bundestag.de/btd/16/051/1605194.pdf > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
I think we'd just delete them. There'd be a KEYS file one higher in the hierarchy, and the downloads.xml page can be changed to link to that top one. Also need to check there are no links to KEYS within the commons space. Hen On 6/12/07, Jochen Wiedmann <[EMAIL PROTECTED]> wrote: And replace the current KEYS files with soft links? Dunno how the mirrors handle that. -- "Besides, manipulating elections is under penalty of law, resulting in a preventative effect against manipulating elections. The german government justifying the use of electronic voting machines and obviously believing that we don't need a police, because all illegal actions are forbidden. http://dip.bundestag.de/btd/16/051/1605194.pdf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
I condensed all KEYS files from dist/jakarta/commons into the file at: http://people.apache.org/~bspeakmon/KEYS-commons-proper.gpg I only removed duplicates and made sure the whole thing imported correctly into my gpg; I didn't try to verify them against a store or check for expiry. Not sure what needs to be done with it from here...? On 6/12/07, Jochen Wiedmann <[EMAIL PROTECTED]> wrote: And replace the current KEYS files with soft links? Dunno how the mirrors handle that. -- "Besides, manipulating elections is under penalty of law, resulting in a preventative effect against manipulating elections. The german government justifying the use of electronic voting machines and obviously believing that we don't need a police, because all illegal actions are forbidden. http://dip.bundestag.de/btd/16/051/1605194.pdf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
And replace the current KEYS files with soft links? Dunno how the mirrors handle that. -- "Besides, manipulating elections is under penalty of law, resulting in a preventative effect against manipulating elections. The german government justifying the use of electronic voting machines and obviously believing that we don't need a police, because all illegal actions are forbidden. http://dip.bundestag.de/btd/16/051/1605194.pdf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
On 12.06.2007, at 22:53, Dennis Lundberg wrote: Ben Speakmon wrote: Would it be a good idea to have one centralized KEYS file for all commons developers? It'd be easier to update, delete or revoke any single key and remove a lot of duplication. I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to sign the release tarballs. I don't see any reason offhand why it shouldn't be in the same place as the keys to verify any other release. Thoughts? I like the idea of a single KEYS file for commons. To no surprise this gets my +1 as well ;) cheers -- Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
Go for it! On 6/13/07, Ben Speakmon <[EMAIL PROTECTED]> wrote: Would it be a good idea to have one centralized KEYS file for all commons developers? It'd be easier to update, delete or revoke any single key and remove a lot of duplication. I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to sign the release tarballs. I don't see any reason offhand why it shouldn't be in the same place as the keys to verify any other release. Thoughts? -- dIon Gillard Rule #131 of Acquisition: Information is Profit. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
On 6/12/07, Dennis Lundberg <[EMAIL PROTECTED]> wrote: Ben Speakmon wrote: > Would it be a good idea to have one centralized KEYS file for all commons > developers? It'd be easier to update, delete or revoke any single key and > remove a lot of duplication. > > I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to > sign the release tarballs. I don't see any reason offhand why it shouldn't > be in the same place as the keys to verify any other release. > > Thoughts? > I like the idea of a single KEYS file for commons. +1. Should be pretty easy to put in place. Concatenate the existing ones, then modify the downloads.xml in jakarta/site. Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: centralized KEYS file?
Ben Speakmon wrote: Would it be a good idea to have one centralized KEYS file for all commons developers? It'd be easier to update, delete or revoke any single key and remove a lot of duplication. I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to sign the release tarballs. I don't see any reason offhand why it shouldn't be in the same place as the keys to verify any other release. Thoughts? I like the idea of a single KEYS file for commons. -- Dennis Lundberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
centralized KEYS file?
Would it be a good idea to have one centralized KEYS file for all commons developers? It'd be easier to update, delete or revoke any single key and remove a lot of duplication. I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to sign the release tarballs. I don't see any reason offhand why it shouldn't be in the same place as the keys to verify any other release. Thoughts?