kwin commented on issue #2: SLING-8029 Retrieve gpg key automatically if it is
missing in keyring
URL:
https://github.com/apache/sling-tooling-release/pull/2#issuecomment-430990437
If I understand correctly, we should validate if the public keys are also
listed in https://people.apache.org/keys/group/sling.asc, as that one contains
the trusted list of public keys (as those require ASF credentials to add
there). For more details see
http://sling.apache.org/documentation/development/release-management.html#appendix-a-create-and-add-your-key-to-peopleapacheorg.
Is it possible to validate against this list?
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services