My +1.
I do agree that a 4096 keys is better for releases, although the current
requirement is "Committers with a DSA key or an RSA key of length *less
than* 2048 bits should generate a new key for signing releases" .
Kiran's ky is 2048 bits long, whihc is strictly speaking, the bare
minimum to
+1
* Built from source tar.gz
* Verified checksums and signatures
Kind Regards,
Stefan
PS: The API and ApacheDS release process mention a "sign.sh" which
generates signatures and checksums for distribution packages. Please
update the Mavibot release documentation to use that script too.
On 08/0
Hi Stefan,
On Sun, Aug 9, 2015 at 9:09 PM, Stefan Seelmann
wrote:
> Hi Kiran,
>
> The packages are signed with key A591AB7A which is only 2048 bits DSA
> key. According to [1] minimum strength should be 4096 RSA. I'm not sure
> if that is a blocker but please consider to use another key for next
Hi Kiran,
The packages are signed with key A591AB7A which is only 2048 bits DSA
key. According to [1] minimum strength should be 4096 RSA. I'm not sure
if that is a blocker but please consider to use another key for next
release.
Please also add your key(s) to our KEYS file [2].
The source and b
Hello Dev,
This is the eighth release of Apache Mavibot, the MVCC BTree in Java !
This release contains complete support for free page management (reusing
the copied and unused pages)
Please cast your vote !
The revision :
http://svn.apache.org/r1694862
The SVN tag:
https://svn.apache.org/rep