You are viewing a plain text version of this content. The canonical link for it is here.
Posted to repository@apache.org by Brian Fox <br...@infinity.nu> on 2010/01/12 04:30:03 UTC
PGP validation
I have enabled automatic PGP validation during staging for all
projects using http://repository.apache.org. This checks that the
artifacts are properly signed with a PGP key and that the key is
available from a public server. If you get an error trying to close or
promote an artifact, first check that your key is uploaded to
http://pgp.mit.edu and if that doesn't work, make sure all the
artifacts are in fact signed and have .asc files.
Re: PGP validation
Posted by Jason Dillon <ja...@planet57.com>.
It wouldn't hurt.
--jason
On Jan 12, 2010, at 1:08 PM, Arnaud HERITIER wrote:
> are we sure that all apache projects which are using maven and the nexus repository subscribed here ?
> couldn't we send this sort of email to the all-pmcs list ?
>
> Arnaud Héritier
> Software Factory Manager
> eXo platform - http://www.exoplatform.com
> ---
> http://www.aheritier.net
>
>
> On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu> wrote:
> I have enabled automatic PGP validation during staging for all
> projects using http://repository.apache.org. This checks that the
> artifacts are properly signed with a PGP key and that the key is
> available from a public server. If you get an error trying to close or
> promote an artifact, first check that your key is uploaded to
> http://pgp.mit.edu and if that doesn't work, make sure all the
> artifacts are in fact signed and have .asc files.
>
Re: PGP validation
Posted by Brian Fox <br...@sonatype.com>.
Ok thanks. We found a bug with retrieving keys that start with 0 so
I've disabled the check for now. It's fixed in 1.5 which is out any
day now and then I'll re-enable it.
On Wed, Jan 13, 2010 at 12:59 AM, Arnaud HERITIER <ah...@gmail.com> wrote:
> I think it is : pmcs@apache.org
> Arnaud Héritier
> Software Factory Manager
> eXo platform - http://www.exoplatform.com
> ---
> http://www.aheritier.net
>
>
> On Wed, Jan 13, 2010 at 3:54 AM, Brian Fox <br...@sonatype.com> wrote:
>>
>> Good idea, what's the alias for that? I'll craft a separate email for that
>> one.
>>
>> On Tue, Jan 12, 2010 at 1:08 AM, Arnaud HERITIER <ah...@gmail.com>
>> wrote:
>> > are we sure that all apache projects which are using maven and the nexus
>> > repository subscribed here ?
>> > couldn't we send this sort of email to the all-pmcs list ?
>> > Arnaud Héritier
>> > Software Factory Manager
>> > eXo platform - http://www.exoplatform.com
>> > ---
>> > http://www.aheritier.net
>> >
>> >
>> > On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu> wrote:
>> >>
>> >> I have enabled automatic PGP validation during staging for all
>> >> projects using http://repository.apache.org. This checks that the
>> >> artifacts are properly signed with a PGP key and that the key is
>> >> available from a public server. If you get an error trying to close or
>> >> promote an artifact, first check that your key is uploaded to
>> >> http://pgp.mit.edu and if that doesn't work, make sure all the
>> >> artifacts are in fact signed and have .asc files.
>> >
>> >
>
>
Re: PGP validation
Posted by Arnaud HERITIER <ah...@gmail.com>.
I think it is : pmcs@apache.org
Arnaud Héritier
Software Factory Manager
eXo platform - http://www.exoplatform.com
---
http://www.aheritier.net
On Wed, Jan 13, 2010 at 3:54 AM, Brian Fox <br...@sonatype.com> wrote:
> Good idea, what's the alias for that? I'll craft a separate email for that
> one.
>
> On Tue, Jan 12, 2010 at 1:08 AM, Arnaud HERITIER <ah...@gmail.com>
> wrote:
> > are we sure that all apache projects which are using maven and the nexus
> > repository subscribed here ?
> > couldn't we send this sort of email to the all-pmcs list ?
> > Arnaud Héritier
> > Software Factory Manager
> > eXo platform - http://www.exoplatform.com
> > ---
> > http://www.aheritier.net
> >
> >
> > On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu> wrote:
> >>
> >> I have enabled automatic PGP validation during staging for all
> >> projects using http://repository.apache.org. This checks that the
> >> artifacts are properly signed with a PGP key and that the key is
> >> available from a public server. If you get an error trying to close or
> >> promote an artifact, first check that your key is uploaded to
> >> http://pgp.mit.edu and if that doesn't work, make sure all the
> >> artifacts are in fact signed and have .asc files.
> >
> >
>
RE: PGP validation
Posted by "Gav..." <ga...@16degrees.com.au>.
> -----Original Message-----
> From: Brian Fox [mailto:brianf@sonatype.com]
> Sent: Wednesday, 13 January 2010 12:55 PM
> To: repository
> Subject: Re: PGP validation
>
> Good idea, what's the alias for that?
pmcs@apache.org
:)
Gav...
> I'll craft a separate email for
> that one.
>
> On Tue, Jan 12, 2010 at 1:08 AM, Arnaud HERITIER <ah...@gmail.com>
> wrote:
> > are we sure that all apache projects which are using maven and the
> nexus
> > repository subscribed here ?
> > couldn't we send this sort of email to the all-pmcs list ?
> > Arnaud Héritier
> > Software Factory Manager
> > eXo platform - http://www.exoplatform.com
> > ---
> > http://www.aheritier.net
> >
> >
> > On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu>
> wrote:
> >>
> >> I have enabled automatic PGP validation during staging for all
> >> projects using http://repository.apache.org. This checks that the
> >> artifacts are properly signed with a PGP key and that the key is
> >> available from a public server. If you get an error trying to close
> or
> >> promote an artifact, first check that your key is uploaded to
> >> http://pgp.mit.edu and if that doesn't work, make sure all the
> >> artifacts are in fact signed and have .asc files.
> >
> >
Re: PGP validation
Posted by Brian Fox <br...@sonatype.com>.
Good idea, what's the alias for that? I'll craft a separate email for that one.
On Tue, Jan 12, 2010 at 1:08 AM, Arnaud HERITIER <ah...@gmail.com> wrote:
> are we sure that all apache projects which are using maven and the nexus
> repository subscribed here ?
> couldn't we send this sort of email to the all-pmcs list ?
> Arnaud Héritier
> Software Factory Manager
> eXo platform - http://www.exoplatform.com
> ---
> http://www.aheritier.net
>
>
> On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu> wrote:
>>
>> I have enabled automatic PGP validation during staging for all
>> projects using http://repository.apache.org. This checks that the
>> artifacts are properly signed with a PGP key and that the key is
>> available from a public server. If you get an error trying to close or
>> promote an artifact, first check that your key is uploaded to
>> http://pgp.mit.edu and if that doesn't work, make sure all the
>> artifacts are in fact signed and have .asc files.
>
>
Re: PGP validation
Posted by Arnaud HERITIER <ah...@gmail.com>.
are we sure that all apache projects which are using maven and the nexus
repository subscribed here ?
couldn't we send this sort of email to the all-pmcs list ?
Arnaud Héritier
Software Factory Manager
eXo platform - http://www.exoplatform.com
---
http://www.aheritier.net
On Tue, Jan 12, 2010 at 4:30 AM, Brian Fox <br...@infinity.nu> wrote:
> I have enabled automatic PGP validation during staging for all
> projects using http://repository.apache.org. This checks that the
> artifacts are properly signed with a PGP key and that the key is
> available from a public server. If you get an error trying to close or
> promote an artifact, first check that your key is uploaded to
> http://pgp.mit.edu and if that doesn't work, make sure all the
> artifacts are in fact signed and have .asc files.
>