You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@singa.apache.org by "Moaz Reyad (Jira)" <ji...@apache.org> on 2019/11/02 16:23:00 UTC

[jira] [Resolved] (SINGA-456) Adding more PGP Keys

     [ https://issues.apache.org/jira/browse/SINGA-456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Moaz Reyad resolved SINGA-456.
------------------------------
    Resolution: Fixed

At least one active PGP key will be required to sign the future releases.

I close this issue since we have one active key from me. Anh's key is expired and should be updated (or removed?) from the KEYS file.

All team members are welcome to create their own PGP key and append it to the KEYS file. It will be better to have more than one active key in the KEYS file.

> Adding more PGP Keys
> --------------------
>
>                 Key: SINGA-456
>                 URL: https://issues.apache.org/jira/browse/SINGA-456
>             Project: Singa
>          Issue Type: Improvement
>            Reporter: Moaz Reyad
>            Priority: Major
>         Attachments: KEYS
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently the SINGA [KEYS |https://www.apache.org/dist/incubator/singa/KEYS] file has only one PGP key which is expiring this September (it needs to be updated). This means only one person can sign the releases. While other projects like CouchDB for example, have several keys in the [KEYS |https://www.apache.org/dist/couchdb/KEYS] file.
> It will be useful if every active Apache committer in the team create a PGP key and uploads the Public Key Primary Fingerprint to his account using [Apache Account Utility|https://id.apache.org/]. Then append the new key to the SINGA KEYS file.
> Furthermore, the keys themselves can be signed for more trust. SINGA team can exchange key signatures between them or organize a [key signing party|https://www.apache.org/dev/release-signing#key-signing-party]. This will help adding more SINGA committers into the [Apache Web of Trust|https://www.apache.org/dev/release-signing#web-of-trust]. 
> I attach with this issue the KEYS file with my key appended at the end. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)