You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@logging.apache.org by Nicko Cadell <ni...@neoworks.com> on 2005/03/07 20:46:38 UTC
RE: [VOTE] log4net 1.2.9 beta release
I have created a PGP key pair, exported it to http://pgp.mit.edu/, added
it to the KEYS.txt in the root of the logging-log4net repository.
I think I have done all the procedural things, and now I just need it to
be cross signed by other keys.
Nicko
> -----Original Message-----
> From: Curt Arnold [mailto:carnold@apache.org]
> Sent: 28 February 2005 22:28
> To: Logging General
> Subject: Re: [VOTE] log4net 1.2.9 beta release
>
> What is your status with regard to PGP keys
> (http://httpd.apache.org/dev/verification.html)? I know that
> I need to get my keys verified by a few other Apache
> developers before a log4cxx release.
>
>
Re: [VOTE] log4net 1.2.9 beta release
Posted by Curt Arnold <ca...@apache.org>.
From http://www.apache.org/~henkp/trust/apache.html, it seems like it
is no sin to sign a release with a key that has not yet been
cross-signed. 2/3 of keys used to release ASF software haven't been
cross-signed. However, if you do release software with your key and
later get that key signed, then all those benefits would flow back to
the previous released software. Having your key cross-signed is a good
thing, but wasn't a graduation requirement.
The process described in http://www.apache.org/~henkp/trust/ involves
face-to-face meeting with government issued ID (passport, drivers
license). Pretty easy if you live down the street from one of the
existing ASF web of trust members (likely in the Bay Area, not so
likely anywhere else). There was an "key signing" party at the last
ApacheCON (and likely one at ApacheCON Europe).
If you'd like to get cross-signed now, you might post a message on
committers@apache.org asking for anyone near your location who would be
up for meeting to sign your key to send you an email off list. If you
do that, ask if anyone near Houston, TX would email me.
On Mar 7, 2005, at 1:46 PM, Nicko Cadell wrote:
> I have created a PGP key pair, exported it to http://pgp.mit.edu/,
> added
> it to the KEYS.txt in the root of the logging-log4net repository.
> I think I have done all the procedural things, and now I just need it
> to
> be cross signed by other keys.
>
> Nicko
>
>> -----Original Message-----
>> From: Curt Arnold [mailto:carnold@apache.org]
>> Sent: 28 February 2005 22:28
>> To: Logging General
>> Subject: Re: [VOTE] log4net 1.2.9 beta release
>>
>> What is your status with regard to PGP keys
>> (http://httpd.apache.org/dev/verification.html)? I know that
>> I need to get my keys verified by a few other Apache
>> developers before a log4cxx release.
>>
>>
>
Re: [VOTE] log4net 1.2.9 beta release
Posted by Ceki Gülcü <ce...@qos.ch>.
I don't think anyone would fail graduating log4net if it did not sign its
releases. Don't mind me, please sign your releases if it makes you feel
more comfortable.
At 04:01 PM 3/8/2005, you wrote:
>http://incubator.apache.org/incubation/Incubation_Policy.html
>
>Under the conditions of incubator graduation:
>
> ⦠Releases are PGP signed by a member of the community
>
>http://www.apache.org/dev/mirrors.html
>
>Under goals:
>
> ⢠All releases must be signed by the release manager.
>
>On Mar 8, 2005, at 3:33 AM, Ceki Gülcü wrote:
>
>>Nicko,
>>
>>As far as I know, signing releases is not a mandatory step.
>>
>>At 08:46 PM 3/7/2005, Nicko Cadell wrote:
>>>I have created a PGP key pair, exported it to http://pgp.mit.edu/, added
>>>it to the KEYS.txt in the root of the logging-log4net repository.
>>>I think I have done all the procedural things, and now I just need it to
>>>be cross signed by other keys.
>>>
>>>Nicko
--
Ceki Gülcü
The complete log4j manual: http://www.qos.ch/log4j/
Re: [VOTE] log4net 1.2.9 beta release
Posted by Curt Arnold <ca...@apache.org>.
http://incubator.apache.org/incubation/Incubation_Policy.html
Under the conditions of incubator graduation:
◦ Releases are PGP signed by a member of the community
http://www.apache.org/dev/mirrors.html
Under goals:
• All releases must be signed by the release manager.
On Mar 8, 2005, at 3:33 AM, Ceki Gülcü wrote:
> Nicko,
>
> As far as I know, signing releases is not a mandatory step.
>
> At 08:46 PM 3/7/2005, Nicko Cadell wrote:
>> I have created a PGP key pair, exported it to http://pgp.mit.edu/,
>> added
>> it to the KEYS.txt in the root of the logging-log4net repository.
>> I think I have done all the procedural things, and now I just need it
>> to
>> be cross signed by other keys.
>>
>> Nicko
RE: [VOTE] log4net 1.2.9 beta release
Posted by Ceki Gülcü <ce...@qos.ch>.
Nicko,
As far as I know, signing releases is not a mandatory step.
At 08:46 PM 3/7/2005, Nicko Cadell wrote:
>I have created a PGP key pair, exported it to http://pgp.mit.edu/, added
>it to the KEYS.txt in the root of the logging-log4net repository.
>I think I have done all the procedural things, and now I just need it to
>be cross signed by other keys.
>
>Nicko
>
> > -----Original Message-----
> > From: Curt Arnold [mailto:carnold@apache.org]
> > Sent: 28 February 2005 22:28
> > To: Logging General
> > Subject: Re: [VOTE] log4net 1.2.9 beta release
> >
> > What is your status with regard to PGP keys
> > (http://httpd.apache.org/dev/verification.html)? I know that
> > I need to get my keys verified by a few other Apache
> > developers before a log4cxx release.
> >
> >
--
Ceki Gülcü
The complete log4j manual: http://www.qos.ch/log4j/