Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
I think so.

On 19 July 2017 at 10:46, Gary Gregory wrote:

> On Jul 19, 2017 08:43, "Matt Sicker" wrote:
>
> > On 18 July 2017 at 15:02, Stefan Bodewig wrote:
> >
> > > We shouldn't remove any key that has been used to sign a release in the
> > > past. No matter how long in the past :-)
> >
> > What about expired keys?
>
> Can't those still be used to validate old releases?
>
> Gary
>
> > --
> > Matt Sicker

--
Matt Sicker

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
On 18 July 2017 at 15:02, Stefan Bodewig wrote:

> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)

What about expired keys?

--
Matt Sicker

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
On Jul 19, 2017 08:43, "Matt Sicker" wrote:

> On 18 July 2017 at 15:02, Stefan Bodewig wrote:
>
> > We shouldn't remove any key that has been used to sign a release in the
> > past. No matter how long in the past :-)
>
> What about expired keys?

Can't those still be used to validate old releases?

Gary

> --
> Matt Sicker

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
Hi Amey

Amey Jadiye wrote:

> I observed we have lot of keys in
> https://www.apache.org/dist/commons/KEYS, even keys of developers who
> might have resigned from commons, can we just
> review and remove keys of developers who resigned or no more active ?

IMHO it depends on whether a key was used to sign a release.

Cheers,
Jörg

-
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
fair enough not to remove keys ;) , Thanks.

Regards,
Amey

On Wed, Jul 19, 2017, 1:32 AM Stefan Bodewig wrote:

> On 2017-07-18, Amey Jadiye wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and remove keys of developers who resigned or no more active ?
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)
>
> Stefan

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
On Tue, Jul 18, 2017 at 1:02 PM, Stefan Bodewig wrote:

> On 2017-07-18, Amey Jadiye wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and remove keys of developers who resigned or no more active ?
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)

+1

Gary

> Stefan

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
On 2017-07-18, Amey Jadiye wrote:

> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> even keys of developers who might have resigned from commons, can we just
> review and remove keys of developers who resigned or no more active ?

We shouldn't remove any key that has been used to sign a release in the
past. No matter how long in the past :-)

Stefan

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
How about developers who resigned? It means whoever sent mail that they are not willing to be the part of community? I think keeping keys of non-active developers of Ok.

Ex. James has resigned http://commons.markmail.org/message/i2davy3nf4fr7xqp

But I can see his key.

pub 1024D/9EEDB2D5 2006-04-14
uid James Carman
sig 39EEDB2D5 2006-04-14 James Carman
sub 2048g/4240E713 2006-04-14
sig 9EEDB2D5 2006-04-14 James Carman

Also I see a lot of people resigned here http://commons.markmail.org/message/2fzh5qgwhppkdslj

Regards,
Amey

On Tue, Jul 18, 2017 at 11:55 PM, Gary Gregory wrote:

> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons
>
> Gary
>
> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and remove keys of developers who resigned or no more active ?
> >
> > Regards,
> > Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
> On Jul 18, 2017, at 2:25 PM, Gary Gregory wrote:
>
> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons

It feels like a bad idea because we may have very old releases that could still be verified by using the archaic keys in the file.

My 2 cents,
-Rob

> Gary
>
>> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye wrote:
>>
>> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
>> even keys of developers who might have resigned from commons, can we just
>> review and remove keys of developers who resigned or no more active ?
>>
>> Regards,
>> Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
Also, the KEYS list can include ANY Apache Committer, not just members of Apache Commons. IOW, I think the only people to remove are people that no longer are Apache Committers.

Gary

On Tue, Jul 18, 2017 at 11:25 AM, Gary Gregory wrote:

> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons
>
> Gary
>
> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye wrote:
>
>> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
>> even keys of developers who might have resigned from commons, can we just
>> review and remove keys of developers who resigned or no more active ?
>>
>> Regards,
>> Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
There is no criteria for "not active"; either you are a committer or you are not per: https://people.apache.org/phonebook.html?unix=commons

Gary

On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye wrote:

> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> even keys of developers who might have resigned from commons, can we just
> review and remove keys of developers who resigned or no more active ?
>
> Regards,
> Amey

[all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS
I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS, even keys of developers who might have resigned from commons, can we just review and remove keys of developers who resigned or no more active ?

Regards,
Amey
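
The rule the thread converges on (a key that has signed any release stays in KEYS, however old) can be checked mechanically before anyone edits the file. The following is an added example, not code from the thread or from Apache Commons: it parses the `pub`/`sub` line format shown in the listing quoted above and cross-references it against the signer key ID of each release signature. The function names, key IDs and file names are hypothetical, and the sample data is constructed.

```python
import re

# Key lines of the old-style gpg listing quoted in the thread, e.g.
#   pub 1024D/9EEDB2D5 2006-04-14   /   sub 2048g/4240E713 2006-04-14
KEY_RE = re.compile(r"^(pub|sub)\s+\d+[A-Za-z]/([0-9A-Fa-f]{8,16})\b")

def short_id(key_id):
    """Last 8 hex digits, so short and long key IDs compare equal."""
    return key_id.upper()[-8:]

def parse_listing(text):
    """Map every primary key and subkey ID in the listing to its primary key."""
    owner, primary = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if not m:
            continue
        kid = short_id(m.group(2))
        if m.group(1) == "pub":
            primary = kid
        if primary is not None:
            owner[kid] = primary
    return owner

def audit(listing_text, release_signers):
    """Apply the thread's rule: a key that signed any release stays in KEYS.
    release_signers maps signature file -> key ID gpg reported for it.
    Returns (keep, never_signed, unverifiable)."""
    owner = parse_listing(listing_text)
    keep, unverifiable = {}, []
    for artifact, signer in sorted(release_signers.items()):
        primary = owner.get(short_id(signer))
        if primary is None:
            unverifiable.append(artifact)  # signer is already absent from KEYS
        else:
            keep.setdefault(primary, []).append(artifact)
    never_signed = sorted(set(owner.values()) - set(keep))
    return keep, never_signed, unverifiable

# Constructed sample data (hypothetical key IDs and file names, not Apache's).
SAMPLE_LISTING = """pub 1024D/AAAA1111 2006-04-14
sub 2048g/AAAA2222 2006-04-14
pub 4096R/BBBB1111 2012-01-05
sub 4096R/BBBB2222 2012-01-05
pub 2048R/CCCC1111 2015-09-30"""
SAMPLE_SIGNERS = {"example-1.0.tar.gz.asc": "AAAA1111",
                  "example-2.0.tar.gz.asc": "0x00000000BBBB2222",  # subkey, long ID
                  "example-0.9.tar.gz.asc": "DDDD1111"}            # not in KEYS

if __name__ == "__main__":
    print(audit(SAMPLE_LISTING, SAMPLE_SIGNERS))
```

Eight-digit key IDs can collide, so a real audit should compare full fingerprints; the short form is used here only because that is what the listing in the thread shows.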