Re: Correct process for signing keys?

Hi Andrew, here are some basic docs: http://www.apache.org/dev/release-signing.html http://www.apache.org/dev/openpgp.html#update I could not find information on your specific question. At log4php we were curious recently about the same and decided to go with this: http://www.apache.org/dist/log

RE: Correct process for signing keys?

27;m complaining about. But I don't think orcmid@ a.o is subscribed to this list [;<). -Original Message- From: Christian Grobmeier [mailto:grobme...@gmail.com] Sent: Sunday, June 2, 2013 01:24 AM To: general@incubator.apache.org Subject: Re: Correct process for signing keys?

RE: Correct process for signing keys?

Hi Christian, Dennis Thanks for your responses and the links provided. By the sounds of it we're all roughly in the same position: aware of the different options and not 100% certain which is the current "correct" one, or if indeed all options are equally valid. Unfortunately, the docs also

Re: Correct process for signing keys?

I think that the RM _must_ have a key, that the key must be part of a KEYS file in svn/git, and that it _should_ be uploaded into their Apache account, and it is more better if it is signed into the GWOT (global web of trust). - T

Re: Correct process for signing keys?

Well, I've got the first three, and will bug coworkers in the GWOT to sign my key next week. =) A. On Sun, Jun 2, 2013 at 2:13 PM, Benson Margulies wrote: > I think that the RM _must_ have a key, that the key must be part of a > KEYS file in svn/git, and that it _should_ be uploaded into their >