Make our public KEYS available for auto-checkers run by Apache infrastructure
-----------------------------------------------------------------------------
Key: UIMA-1101
URL: https://issues.apache.org/jira/browse/UIMA-1101
Project: UIMA
Issue Type: Task
Components: Build, Packaging and Test
Reporter: Marshall Schor
Priority: Minor
The KEYS file is used by an automated process to verify proper signing of all
artifacts put in Maven repositories - see
http://people.apache.org/~henkp/repo/faq.html. That FAQ says about the keys:
The checker looks for keys in the KEYS file in the maven repo and
www.apache.org/dist/
* If you key is missing, you should add your public pgp key to an
appropriate KEYS file.
* Also, make your public pgp key available in file .pgpkey in your home
directory /home/your-username/
on people.apache.org ; make sure the checker can read it : chmod +r
.pgpkey
* Look at /home/henkp/.pgpkey for an example.
* Never, never store your private pgp key on people.apache.org
The KEYS files seems (on inspection) rarely put into the Maven repository - so
I think we should skip that part. The file that most likely really needs
updating is the one or www.apache.org/dist - it's missing the recent upates
that were done in our SVN keys file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
