[jira] [Commented] (SINGA-456) Adding more PGP Keys
[ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16915115#comment-16915115 ] ASF subversion and git services commented on SINGA-456: --- Commit a5a3221b45621163c9f1ad601a91be2daaeeb30c in incubator-singa's branch refs/heads/master from Wei Wang [ https://gitbox.apache.org/repos/asf?p=incubator-singa.git;h=a5a3221 ] Merge pull request #530 from moazreyad/SINGA-456 SINGA-456 Add KEYS file > Adding more PGP Keys > > > Key: SINGA-456 > URL: https://issues.apache.org/jira/browse/SINGA-456 > Project: Singa > Issue Type: Improvement >Reporter: Moaz Reyad >Priority: Major > Attachments: KEYS > > Time Spent: 20m > Remaining Estimate: 0h > > Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] > file has only one PGP key which is expiring this September (it needs to be > updated). This means only one person can sign the releases. While other > projects like CouchDB for example, have several keys in the [KEYS > |https://www.apache.org/dist/couchdb/KEYS] file. > It will be useful if every active Apache committer in the team create a PGP > key and uploads the Public Key Primary Fingerprint to his account using > [Apache Account Utility|https://id.apache.org/]. Then append the new key to > the SINGA KEYS file. > Furthermore, the keys themselves can be signed for more trust. SINGA team can > exchange key signatures between them or organize a [key signing > party|https://www.apache.org/dev/release-signing#key-signing-party]. This > will help adding more SINGA committers into the [Apache Web of > Trust|https://www.apache.org/dev/release-signing#web-of-trust]. > I attach with this issue the KEYS file with my key appended at the end. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Commented] (SINGA-456) Adding more PGP Keys
[ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16915114#comment-16915114 ] ASF subversion and git services commented on SINGA-456: --- Commit a5a3221b45621163c9f1ad601a91be2daaeeb30c in incubator-singa's branch refs/heads/master from Wei Wang [ https://gitbox.apache.org/repos/asf?p=incubator-singa.git;h=a5a3221 ] Merge pull request #530 from moazreyad/SINGA-456 SINGA-456 Add KEYS file > Adding more PGP Keys > > > Key: SINGA-456 > URL: https://issues.apache.org/jira/browse/SINGA-456 > Project: Singa > Issue Type: Improvement >Reporter: Moaz Reyad >Priority: Major > Attachments: KEYS > > Time Spent: 20m > Remaining Estimate: 0h > > Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] > file has only one PGP key which is expiring this September (it needs to be > updated). This means only one person can sign the releases. While other > projects like CouchDB for example, have several keys in the [KEYS > |https://www.apache.org/dist/couchdb/KEYS] file. > It will be useful if every active Apache committer in the team create a PGP > key and uploads the Public Key Primary Fingerprint to his account using > [Apache Account Utility|https://id.apache.org/]. Then append the new key to > the SINGA KEYS file. > Furthermore, the keys themselves can be signed for more trust. SINGA team can > exchange key signatures between them or organize a [key signing > party|https://www.apache.org/dev/release-signing#key-signing-party]. This > will help adding more SINGA committers into the [Apache Web of > Trust|https://www.apache.org/dev/release-signing#web-of-trust]. > I attach with this issue the KEYS file with my key appended at the end. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Commented] (SINGA-456) Adding more PGP Keys
[ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16915113#comment-16915113 ] ASF subversion and git services commented on SINGA-456: --- Commit c28df010ecdb79a334674982a3881fb9a224347a in incubator-singa's branch refs/heads/master from Moaz Reyad [ https://gitbox.apache.org/repos/asf?p=incubator-singa.git;h=c28df01 ] SINGA-456 Add KEYS file > Adding more PGP Keys > > > Key: SINGA-456 > URL: https://issues.apache.org/jira/browse/SINGA-456 > Project: Singa > Issue Type: Improvement >Reporter: Moaz Reyad >Priority: Major > Attachments: KEYS > > Time Spent: 20m > Remaining Estimate: 0h > > Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] > file has only one PGP key which is expiring this September (it needs to be > updated). This means only one person can sign the releases. While other > projects like CouchDB for example, have several keys in the [KEYS > |https://www.apache.org/dist/couchdb/KEYS] file. > It will be useful if every active Apache committer in the team create a PGP > key and uploads the Public Key Primary Fingerprint to his account using > [Apache Account Utility|https://id.apache.org/]. Then append the new key to > the SINGA KEYS file. > Furthermore, the keys themselves can be signed for more trust. SINGA team can > exchange key signatures between them or organize a [key signing > party|https://www.apache.org/dev/release-signing#key-signing-party]. This > will help adding more SINGA committers into the [Apache Web of > Trust|https://www.apache.org/dev/release-signing#web-of-trust]. > I attach with this issue the KEYS file with my key appended at the end. -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Commented] (SINGA-456) Adding more PGP Keys
[ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16915107#comment-16915107 ] Moaz Reyad commented on SINGA-456: -- reminder: the key will expire next month and it should be extended. Otherwise the next release of SINGA can not be correctly signed. I noticed also that many Apache projects put the KEYS file in GitHub, such as [MXNET|https://github.com/apache/incubator-mxnet/blob/master/KEYS], [NIFI|https://github.com/apache/nifi/blob/master/KEYS], [Tika|https://github.com/apache/tika/blob/master/KEYS], … etc. So it may be a good idea to add SINGA KEYS also to GitHub. > Adding more PGP Keys > > > Key: SINGA-456 > URL: https://issues.apache.org/jira/browse/SINGA-456 > Project: Singa > Issue Type: Improvement >Reporter: Moaz Reyad >Priority: Major > Attachments: KEYS > > > Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] > file has only one PGP key which is expiring this September (it needs to be > updated). This means only one person can sign the releases. While other > projects like CouchDB for example, have several keys in the [KEYS > |https://www.apache.org/dist/couchdb/KEYS] file. > It will be useful if every active Apache committer in the team create a PGP > key and uploads the Public Key Primary Fingerprint to his account using > [Apache Account Utility|https://id.apache.org/]. Then append the new key to > the SINGA KEYS file. > Furthermore, the keys themselves can be signed for more trust. SINGA team can > exchange key signatures between them or organize a [key signing > party|https://www.apache.org/dev/release-signing#key-signing-party]. This > will help adding more SINGA committers into the [Apache Web of > Trust|https://www.apache.org/dev/release-signing#web-of-trust]. > I attach with this issue the KEYS file with my key appended at the end. -- This message was sent by Atlassian Jira (v8.3.2#803003)