You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by Dan Haywood <dk...@gmail.com> on 2011/02/01 13:53:29 UTC
Re: Publishing public key to key server?
On 30/01/2011 21:41, Siegfried Goeschl wrote:
> a few bits and pieces from my memory
>
> +) see http://www.apache.org/dev/release-signing.html
> +) upload your key to the key server
Thanks for this.
For benefit of others in Isis, I've updated our wiki with all the steps
I've followed to create my public key [1]
> +) join a key-signing party
> +) at Apache Commons I did my first release before joining a key
> signing party - that is possible but not encouraged
When are key signing parties held? I'm guessing it would require a trip
over to ApacheCon, which (a) is a long time away and (b) I'm not sure
yet if I'll be going?
Is there anything that can be done in lieu of this? Or perhaps one of
the mentors whose key has been signed by others will need to push out
the release when we have it?
Cheers
Dan
[1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>
> Cheers,
>
> Siegfried Goeschl
>
>
> On 1/30/11 7:05 PM, Dan Haywood wrote:
>> As I now understand things, I don't need a key to publish a snapshot,
>> but I will need a key to do the first 0.1 release when we get to that
>> point.
>>
>> In preparation for then, I've generated a public key and added to the
>> Isis Keys file, as per [1].
>>
>> Do I also need to publish my key to the http://pgp.mit.edu key server? I
>> found some documentation [2] that suggests that it is necessary?
>>
>> Thanks
>> Dan
>>
>> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
>> penultimate paragraph near the end
>>
>>
>
Re: Publishing public key to key server?
Posted by Benson Margulies <bi...@gmail.com>.
Hypothetically, this requires an in-person meetings between you and
someone else in the 'web of trust'. However, creativity is exercised
here. If there's someone who feels confident that they can establish
your identity as you and not your dog, they can sign your key.
On Tue, Feb 1, 2011 at 7:53 AM, Dan Haywood <dk...@gmail.com> wrote:
>
> On 30/01/2011 21:41, Siegfried Goeschl wrote:
>>
>> a few bits and pieces from my memory
>>
>> +) see http://www.apache.org/dev/release-signing.html
>> +) upload your key to the key server
>
> Thanks for this.
>
> For benefit of others in Isis, I've updated our wiki with all the steps I've
> followed to create my public key [1]
>
>
>> +) join a key-signing party
>> +) at Apache Commons I did my first release before joining a key signing
>> party - that is possible but not encouraged
>
> When are key signing parties held? I'm guessing it would require a trip
> over to ApacheCon, which (a) is a long time away and (b) I'm not sure yet if
> I'll be going?
>
> Is there anything that can be done in lieu of this? Or perhaps one of the
> mentors whose key has been signed by others will need to push out the
> release when we have it?
>
> Cheers
> Dan
>
> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>
>
>
>>
>> Cheers,
>>
>> Siegfried Goeschl
>>
>>
>> On 1/30/11 7:05 PM, Dan Haywood wrote:
>>>
>>> As I now understand things, I don't need a key to publish a snapshot,
>>> but I will need a key to do the first 0.1 release when we get to that
>>> point.
>>>
>>> In preparation for then, I've generated a public key and added to the
>>> Isis Keys file, as per [1].
>>>
>>> Do I also need to publish my key to the http://pgp.mit.edu key server? I
>>> found some documentation [2] that suggests that it is necessary?
>>>
>>> Thanks
>>> Dan
>>>
>>> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>>> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
>>> penultimate paragraph near the end
>>>
>>>
>>
>