You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by Dan Haywood <dk...@gmail.com> on 2011/01/30 19:05:35 UTC

Publishing public key to key server?

As I now understand things, I don't need a key to publish a snapshot, 
but I will need a key to do the first 0.1 release when we get to that point.

In preparation for then, I've generated a public key and added to the 
Isis Keys file, as per [1].

Do I also need to publish my key to the http://pgp.mit.edu key server?  
I found some documentation [2] that suggests that it is necessary?

Thanks
Dan

[1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
[2] http://maven.apache.org/developers/release/pmc-gpg-keys.html  ... 
penultimate paragraph near the end

Re: Publishing public key to key server?

Posted by Benson Margulies <bi...@gmail.com>.

Hypothetically, this requires an in-person meetings between you and
someone else in the 'web of trust'. However, creativity is exercised
here. If there's someone who feels confident that they can establish
your identity as you and not your dog, they can sign your key.

On Tue, Feb 1, 2011 at 7:53 AM, Dan Haywood <dk...@gmail.com> wrote:
>
> On 30/01/2011 21:41, Siegfried Goeschl wrote:
>>
>> a few bits and pieces from my memory
>>
>> +) see http://www.apache.org/dev/release-signing.html
>> +) upload your key to the key server
>
> Thanks for this.
>
> For benefit of others in Isis, I've updated our wiki with all the steps I've
> followed to create my public key [1]
>
>
>> +) join a key-signing party
>> +) at Apache Commons I did my first release before joining a key signing
>> party - that is possible but not encouraged
>
> When are key signing parties held?  I'm guessing it would require a trip
> over to ApacheCon, which (a) is a long time away and (b) I'm not sure yet if
> I'll be going?
>
> Is there anything that can be done in lieu of this?  Or perhaps one of the
> mentors whose key has been signed by others will need to push out the
> release when we have it?
>
> Cheers
> Dan
>
> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>
>
>
>>
>> Cheers,
>>
>> Siegfried Goeschl
>>
>>
>> On 1/30/11 7:05 PM, Dan Haywood wrote:
>>>
>>> As I now understand things, I don't need a key to publish a snapshot,
>>> but I will need a key to do the first 0.1 release when we get to that
>>> point.
>>>
>>> In preparation for then, I've generated a public key and added to the
>>> Isis Keys file, as per [1].
>>>
>>> Do I also need to publish my key to the http://pgp.mit.edu key server? I
>>> found some documentation [2] that suggests that it is necessary?
>>>
>>> Thanks
>>> Dan
>>>
>>> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>>> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
>>> penultimate paragraph near the end
>>>
>>>
>>
>

Re: Publishing public key to key server?

Posted by Dan Haywood <dk...@gmail.com>.

On 30/01/2011 21:41, Siegfried Goeschl wrote:
> a few bits and pieces from my memory
>
> +) see http://www.apache.org/dev/release-signing.html
> +) upload your key to the key server

Thanks for this.

For benefit of others in Isis, I've updated our wiki with all the steps 
I've followed to create my public key [1]


> +) join a key-signing party
> +) at Apache Commons I did my first release before joining a key 
> signing party - that is possible but not encouraged

When are key signing parties held?  I'm guessing it would require a trip 
over to ApacheCon, which (a) is a long time away and (b) I'm not sure 
yet if I'll be going?

Is there anything that can be done in lieu of this?  Or perhaps one of 
the mentors whose key has been signed by others will need to push out 
the release when we have it?

Cheers
Dan

[1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys



>
> Cheers,
>
> Siegfried Goeschl
>
>
> On 1/30/11 7:05 PM, Dan Haywood wrote:
>> As I now understand things, I don't need a key to publish a snapshot,
>> but I will need a key to do the first 0.1 release when we get to that
>> point.
>>
>> In preparation for then, I've generated a public key and added to the
>> Isis Keys file, as per [1].
>>
>> Do I also need to publish my key to the http://pgp.mit.edu key server? I
>> found some documentation [2] that suggests that it is necessary?
>>
>> Thanks
>> Dan
>>
>> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
>> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
>> penultimate paragraph near the end
>>
>>
>

Re: Publishing public key to key server?

Posted by Siegfried Goeschl <sg...@gmx.at>.

Hi Dan,

a few bits and pieces from my memory

+) see http://www.apache.org/dev/release-signing.html
+) upload your key to the key server
+) join a key-signing party
+) at Apache Commons I did my first release before joining a key signing 
party - that is possible but not encouraged

Cheers,

Siegfried Goeschl


On 1/30/11 7:05 PM, Dan Haywood wrote:
> As I now understand things, I don't need a key to publish a snapshot,
> but I will need a key to do the first 0.1 release when we get to that
> point.
>
> In preparation for then, I've generated a public key and added to the
> Isis Keys file, as per [1].
>
> Do I also need to publish my key to the http://pgp.mit.edu key server? I
> found some documentation [2] that suggests that it is necessary?
>
> Thanks
> Dan
>
> [1] https://cwiki.apache.org/confluence/display/ISIS/GeneratingPgpKeys
> [2] http://maven.apache.org/developers/release/pmc-gpg-keys.html ...
> penultimate paragraph near the end
>
>