You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tamaya.apache.org by "Tresch, Anatole " <an...@credit-suisse.com> on 2015/08/14 15:23:56 UTC
KEYS file
Hi all
I have a few questions related to Apache dist policies:
1) My personal key, used so far, also for the release, is not yet signed by another apache key as typically done at ApacheCons. If that is a problem, I assume somebody must rerun/reupload our release from the 0.1-incubating branch/tag, which has a signed key, before starting the incubator PMC vote ...?
2) currently the PGP keys used are accessible only from:
https://git-wip-us.apache.org/repos/asf?p=incubator-tamaya.git;a=blob_plain;f=keys/KEYS;hb=refs/heads/0.1-incubating
whereas other projects have them typically under something like
https://dist.apache.org/repos/dist/release/tamaya/KEYS
or in our case, since we not yet have published it:
https://dist.apache.org/repos/dist/dev/tamaya/KEYS
Is that a problem for the incubator PMC vote? If no, I can start the vote using the above KEYS ref.
Regarding the point 2, https://dist.apache.org/repos/dist/release/tamaya and https://dist.apache.org/repos/dist/dev/tamaya as of now
does not yet exist. As documented in http://www.apache.org/dev/release.html#upload-ci for managing our releases we must create an according INFRA ticket so the directories/access get created and corresponding
commit mails go to our commits mailing list. Unfortunately I cannot do that from my banks office here, since firewall prevent me
logging in into the Apache JIRA system ;(
So if somebody has time it might be good to fail that infra ticket, so we can similarly upload our public keys file, or I will do it later tonight (late night MET).
Let me know, if somebody has some feedback related to my questions.
Cheers,
Anatole
Anatole Tresch
Platform Strategy & Strategic Projects, KGVX 42
+41 44 334 03 89 (*414 0389)
Re: KEYS file
Posted by "John D. Ament" <jo...@apache.org>.
Anatole,
The fact that we were able to close the repo means the key used to sign the
release was fine.
John
On Fri, Aug 14, 2015 at 9:24 AM Tresch, Anatole <
anatole.tresch@credit-suisse.com> wrote:
> Hi all
>
> I have a few questions related to Apache dist policies:
>
>
> 1) My personal key, used so far, also for the release, is not yet
> signed by another apache key as typically done at ApacheCons. If that is a
> problem, I assume somebody must rerun/reupload our release from the
> 0.1-incubating branch/tag, which has a signed key, before starting the
> incubator PMC vote ...?
>
> 2) currently the PGP keys used are accessible only from:
>
> https://git-wip-us.apache.org/repos/asf?p=incubator-tamaya.git;a=blob_plain;f=keys/KEYS;hb=refs/heads/0.1-incubating
> whereas other projects have them typically under something like
> https://dist.apache.org/repos/dist/release/tamaya/KEYS
> or in our case, since we not yet have published it:
> https://dist.apache.org/repos/dist/dev/tamaya/KEYS
> Is that a problem for the incubator PMC vote? If no, I can start the vote
> using the above KEYS ref.
>
>
> Regarding the point 2, https://dist.apache.org/repos/dist/release/tamaya
> and https://dist.apache.org/repos/dist/dev/tamaya as of now
> does not yet exist. As documented in
> http://www.apache.org/dev/release.html#upload-ci for managing our
> releases we must create an according INFRA ticket so the directories/access
> get created and corresponding
> commit mails go to our commits mailing list. Unfortunately I cannot do
> that from my banks office here, since firewall prevent me
> logging in into the Apache JIRA system ;(
> So if somebody has time it might be good to fail that infra ticket, so we
> can similarly upload our public keys file, or I will do it later tonight
> (late night MET).
>
> Let me know, if somebody has some feedback related to my questions.
>
> Cheers,
> Anatole
>
>
> Anatole Tresch
> Platform Strategy & Strategic Projects, KGVX 42
> +41 44 334 03 89 (*414 0389)
>
>