Looking for GPG key signers in Boston area

2017-06-19 Thread Eric Friedrich (efriedri)
Apologies for this slightly unorthodox use of the mailer. I’m in the process of preparing a release for the Traffic Control podling. As the RM, I have to use my GPG key to sign the release. However, my GPG key is not yet tied into the web of trust and we cannot pass the vote because of this.

Re: Looking for GPG key signers in Boston area

2017-06-19 Thread John D. Ament
I think all you have to do is upload it via https://pgp.mit.edu/ ... John On Mon, Jun 19, 2017 at 1:11 PM Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: > Apologies for this slightly unorthodox use of the mailer. > > I’m in the process of preparing a release for the Traffic Contr

Re: Looking for GPG key signers in Boston area

2017-06-19 Thread Eric Friedrich (efriedri)
Thanks John- My key is already listed there and is present in the KEYS file as well. Doesn’t the key also need to be verified by others at Apache to be considered valid? —Eric > On Jun 19, 2017, at 1:12 PM, John D. Ament wrote: > > I think all you have to do is upload it via https://pgp.mi

Re: Looking for GPG key signers in Boston area

2017-06-19 Thread John D. Ament
Is there a guide you're getting that from? When I look at [1] it seems we trust the public registries, so nothing else should be needed. John [1]: https://www.apache.org/info/verification.html On Mon, Jun 19, 2017 at 1:28 PM Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: > Thanks John

Re: Looking for GPG key signers in Boston area

2017-06-19 Thread Jim Apple
"Signing keys SHOULD be linked into a strong web of trust." On Mon, Jun 19, 2017 at 10:29 AM, John D. Ament wrote: > Is there a guide you're getting that from? When I look at [1] it seems we > trust the public registries, so no

Re: Looking for GPG key signers in Boston area

2017-06-19 Thread Nick Kew
On Mon, 2017-06-19 at 17:11 +, Eric Friedrich (efriedri) wrote: > Apologies for this slightly unorthodox use of the mailer. > > I’m in the process of preparing a release for the Traffic Control podling. As > the RM, I have to use my GPG key to sign the release. > > However, my GPG key is n

Re: Looking for GPG key signers in Boston area

2017-06-20 Thread Bertrand Delacretaz
On Mon, Jun 19, 2017 at 11:11 PM, Nick Kew wrote: > ...You should indeed collect some signatures Indeed - the "Web of Trust" section of https://www.apache.org/dev/release-signing.html has more info on getting your key signed by others. -Bertrand -