You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@quickstep.apache.org by Jignesh Patel <jm...@gmail.com> on 2017/02/11 22:04:01 UTC

Release Managers? 

Hi folks: We are nearly ready to do a release. Anyone else wants to sign the release along with me? 

 

Also, I haven’t seen an email about providing input for the usual Podling report? Anyone else has seen this? I hope I haven’t missed it.

 

Cheers,

Jignesh  

Re: Release Managers?

Posted by Jignesh Patel <jm...@gmail.com>.
Thanks Julian for answers to both questions! 

Cheers,
Jignesh 

On 2/12/17, 12:39 AM, "Julian Hyde" <jh...@gmail.com> wrote:

    I don't know whether it's even possible for more than one person to sign the release.
    
    The way to make the release more "trustworthy" is to strengthen the release manager's web of trust. Have a key signing party [1] and sign each other's keys. 
    
    If the one person who signs the release is well established in the Apache web of trust then the release is clearly a genuine product of the Apache Software Foundation. 
    
    Regarding the report. It's possible that you're now scheduled to report only once per quarter. Projects are only monthly when they start out. 
    
    Julian
    
    [1] https://en.m.wikipedia.org/wiki/Key_signing_party
    
    
    
    Sent from my iPad
    > On Feb 11, 2017, at 2:04 PM, Jignesh Patel <jm...@gmail.com> wrote:
    > 
    > Hi folks: We are nearly ready to do a release. Anyone else wants to sign the release along with me? 
    > 
    > 
    > 
    > Also, I haven’t seen an email about providing input for the usual Podling report? Anyone else has seen this? I hope I haven’t missed it.
    > 
    > 
    > 
    > Cheers,
    > 
    > Jignesh  
    >

Re: Release Managers?

Posted by Julian Hyde <jh...@gmail.com>.
I don't know whether it's even possible for more than one person to sign the release.

The way to make the release more "trustworthy" is to strengthen the release manager's web of trust. Have a key signing party [1] and sign each other's keys. 

If the one person who signs the release is well established in the Apache web of trust then the release is clearly a genuine product of the Apache Software Foundation. 

Regarding the report. It's possible that you're now scheduled to report only once per quarter. Projects are only monthly when they start out. 

Julian

[1] https://en.m.wikipedia.org/wiki/Key_signing_party



Sent from my iPad
> On Feb 11, 2017, at 2:04 PM, Jignesh Patel <jm...@gmail.com> wrote:
> 
> Hi folks: We are nearly ready to do a release. Anyone else wants to sign the release along with me? 
> 
> 
> 
> Also, I haven’t seen an email about providing input for the usual Podling report? Anyone else has seen this? I hope I haven’t missed it.
> 
> 
> 
> Cheers,
> 
> Jignesh  
>