You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by Laurent Goujon <la...@dremio.com> on 2021/05/24 22:23:47 UTC
Release and GPG key
Hi,
I opened a pull request to add my public GPG keys to the KEYS file at the
root of the project:
https://github.com/apache/drill/pull/2234
Sadly this key is not part of the Web Of Trust, and I would need someone
part of it to validate my key. And also a PMC member to add it to the Drill
release SVN repository.
Anybody interested?
Laurent
Re: Release and GPG key
Posted by luoc <lu...@apache.org>.
Hi guys,
Please let me know if you need assistance.
> 在 2021年5月25日,08:20,Ted Dunning <te...@gmail.com> 写道:
>
> I would be happy to do this. My old Apache key is still live, but it isn't
> in the KEYS file yet. I can add it easily enough.
>
> One quick note. The fact that a key is in the KEYS file is enough of a web
> of trust in Apache. This is because only a committer can put it there.
> There is a further cross check with the SVN file.
>
> It is a very nice thing to do, however, to cross-sign keys. It is also a
> very tricky thing to do during COVID times.
>
> I will go ahead and cross sign Laurent's key once we have the phone call so
> that we have a bit of traceability this time.
>
>
>
>
>> On Mon, May 24, 2021 at 4:45 PM Laurent Goujon <la...@dremio.com> wrote:
>>
>> Yes, I was thinking of doing a zoom meeting where I would show proof of id
>> + key id. Especially because of Covid, that seems the easiest option.
>>
>>> On Mon, May 24, 2021, 16:08 Ted Dunning <te...@gmail.com> wrote:
>>>
>>> Laurent,
>>>
>>> The critical question here is how you can substantiate this key. IN
>> person,
>>> with a government ID, this would be easy.
>>>
>>> Do you know a committer personally who could vouch for you? Would you be
>>> interested in having a video call where you can present some ID?
>>>
>>> On Mon, May 24, 2021 at 3:24 PM Laurent Goujon <la...@dremio.com>
>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I opened a pull request to add my public GPG keys to the KEYS file at
>> the
>>>> root of the project:
>>>> https://github.com/apache/drill/pull/2234
>>>>
>>>> Sadly this key is not part of the Web Of Trust, and I would need
>> someone
>>>> part of it to validate my key. And also a PMC member to add it to the
>>> Drill
>>>> release SVN repository.
>>>>
>>>> Anybody interested?
>>>>
>>>> Laurent
>>>>
>>>
>>
Re: Release and GPG key
Posted by Ted Dunning <te...@gmail.com>.
I would be happy to do this. My old Apache key is still live, but it isn't
in the KEYS file yet. I can add it easily enough.
One quick note. The fact that a key is in the KEYS file is enough of a web
of trust in Apache. This is because only a committer can put it there.
There is a further cross check with the SVN file.
It is a very nice thing to do, however, to cross-sign keys. It is also a
very tricky thing to do during COVID times.
I will go ahead and cross sign Laurent's key once we have the phone call so
that we have a bit of traceability this time.
On Mon, May 24, 2021 at 4:45 PM Laurent Goujon <la...@dremio.com> wrote:
> Yes, I was thinking of doing a zoom meeting where I would show proof of id
> + key id. Especially because of Covid, that seems the easiest option.
>
> On Mon, May 24, 2021, 16:08 Ted Dunning <te...@gmail.com> wrote:
>
> > Laurent,
> >
> > The critical question here is how you can substantiate this key. IN
> person,
> > with a government ID, this would be easy.
> >
> > Do you know a committer personally who could vouch for you? Would you be
> > interested in having a video call where you can present some ID?
> >
> > On Mon, May 24, 2021 at 3:24 PM Laurent Goujon <la...@dremio.com>
> wrote:
> >
> > > Hi,
> > >
> > > I opened a pull request to add my public GPG keys to the KEYS file at
> the
> > > root of the project:
> > > https://github.com/apache/drill/pull/2234
> > >
> > > Sadly this key is not part of the Web Of Trust, and I would need
> someone
> > > part of it to validate my key. And also a PMC member to add it to the
> > Drill
> > > release SVN repository.
> > >
> > > Anybody interested?
> > >
> > > Laurent
> > >
> >
>
Re: Release and GPG key
Posted by Laurent Goujon <la...@dremio.com>.
Yes, I was thinking of doing a zoom meeting where I would show proof of id
+ key id. Especially because of Covid, that seems the easiest option.
On Mon, May 24, 2021, 16:08 Ted Dunning <te...@gmail.com> wrote:
> Laurent,
>
> The critical question here is how you can substantiate this key. IN person,
> with a government ID, this would be easy.
>
> Do you know a committer personally who could vouch for you? Would you be
> interested in having a video call where you can present some ID?
>
> On Mon, May 24, 2021 at 3:24 PM Laurent Goujon <la...@dremio.com> wrote:
>
> > Hi,
> >
> > I opened a pull request to add my public GPG keys to the KEYS file at the
> > root of the project:
> > https://github.com/apache/drill/pull/2234
> >
> > Sadly this key is not part of the Web Of Trust, and I would need someone
> > part of it to validate my key. And also a PMC member to add it to the
> Drill
> > release SVN repository.
> >
> > Anybody interested?
> >
> > Laurent
> >
>
Re: Release and GPG key
Posted by Ted Dunning <te...@gmail.com>.
Laurent,
The critical question here is how you can substantiate this key. IN person,
with a government ID, this would be easy.
Do you know a committer personally who could vouch for you? Would you be
interested in having a video call where you can present some ID?
On Mon, May 24, 2021 at 3:24 PM Laurent Goujon <la...@dremio.com> wrote:
> Hi,
>
> I opened a pull request to add my public GPG keys to the KEYS file at the
> root of the project:
> https://github.com/apache/drill/pull/2234
>
> Sadly this key is not part of the Web Of Trust, and I would need someone
> part of it to validate my key. And also a PMC member to add it to the Drill
> release SVN repository.
>
> Anybody interested?
>
> Laurent
>