Posted to dev@commons.apache.org by Amey Jadiye <am...@gmail.com> on 2017/07/18 18:21:43 UTC

[all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

I observed we have a lot of keys in https://www.apache.org/dist/commons/KEYS,
even keys of developers who might have resigned from commons. Can we just
review and remove keys of developers who resigned or are no longer active?

Regards,
Amey

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Amey Jadiye <am...@gmail.com>.
Fair enough not to remove keys ;), thanks.

Regards,
Amey

On Wed, Jul 19, 2017, 1:32 AM Stefan Bodewig <bo...@apache.org> wrote:

> On 2017-07-18, Amey Jadiye wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and  remove keys of developers who resigned or no more active ?
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)
>
> Stefan

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Matt Sicker <bo...@gmail.com>.
I think so.

On 19 July 2017 at 10:46, Gary Gregory <ga...@gmail.com> wrote:

> On Jul 19, 2017 08:43, "Matt Sicker" <bo...@gmail.com> wrote:
>
> > On 18 July 2017 at 15:02, Stefan Bodewig <bo...@apache.org> wrote:
> > >
> > > We shouldn't remove any key that has been used to sign a release in the
> > > past. No matter how long in the past :-)
> > >
> >
> > What about expired keys?
>
> Can't those still be used to validate old releases?
>
> Gary
>
> > --
> > Matt Sicker <bo...@gmail.com>



-- 
Matt Sicker <bo...@gmail.com>

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Gary Gregory <ga...@gmail.com>.
On Jul 19, 2017 08:43, "Matt Sicker" <bo...@gmail.com> wrote:

> On 18 July 2017 at 15:02, Stefan Bodewig <bo...@apache.org> wrote:
> >
> > We shouldn't remove any key that has been used to sign a release in the
> > past. No matter how long in the past :-)
> >
>
> What about expired keys?

Can't those still be used to validate old releases?

Gary

> --
> Matt Sicker <bo...@gmail.com>

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Matt Sicker <bo...@gmail.com>.
On 18 July 2017 at 15:02, Stefan Bodewig <bo...@apache.org> wrote:
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)
>

What about expired keys?

-- 
Matt Sicker <bo...@gmail.com>

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Gary Gregory <ga...@gmail.com>.
On Tue, Jul 18, 2017 at 1:02 PM, Stefan Bodewig <bo...@apache.org> wrote:

> On 2017-07-18, Amey Jadiye wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and  remove keys of developers who resigned or no more active ?
>
> We shouldn't remove any key that has been used to sign a release in the
> past. No matter how long in the past :-)
>

+1

Gary


>
> Stefan

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Stefan Bodewig <bo...@apache.org>.
On 2017-07-18, Amey Jadiye wrote:

> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> even keys of developers who might have resigned from commons, can we just
> review and  remove keys of developers who resigned or no more active ?

We shouldn't remove any key that has been used to sign a release in the
past. No matter how long in the past :-)

Stefan


Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Gary Gregory <ga...@gmail.com>.
Also, the KEYS list can include ANY Apache Committer, not just members of
Apache Commons.

IOW, I think the only people to remove are people that no longer are Apache
Committers.

Gary

On Tue, Jul 18, 2017 at 11:25 AM, Gary Gregory <ga...@gmail.com>
wrote:

> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons
>
> Gary
>
> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye <am...@gmail.com>
> wrote:
>
>> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
>> even keys of developers who might have resigned from commons, can we just
>> review and  remove keys of developers who resigned or no more active ?
>>
>> Regards,
>> Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Rob Tompkins <ch...@gmail.com>.

> On Jul 18, 2017, at 2:25 PM, Gary Gregory <ga...@gmail.com> wrote:
> 
> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons
> 

It feels like a bad idea because we may have very old releases that could still be verified by using the archaic keys in the file. 

My 2 cents,
-Rob

> Gary
> 
>> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye <am...@gmail.com> wrote:
>> 
>> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
>> even keys of developers who might have resigned from commons, can we just
>> review and  remove keys of developers who resigned or no more active ?
>> 
>> Regards,
>> Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Amey Jadiye <am...@gmail.com>.
How about developers who resigned? That is, whoever sent mail saying that
they are not willing to be part of the community?

I think keeping keys of non-active developers is OK.

Ex.
James has resigned http://commons.markmail.org/message/i2davy3nf4fr7xqp
But I can see his key.

pub   1024D/9EEDB2D5 2006-04-14
uid                  James Carman <jc...@apache.org>
sig 3        9EEDB2D5 2006-04-14  James Carman <jc...@apache.org>
sub   2048g/4240E713 2006-04-14
sig          9EEDB2D5 2006-04-14  James Carman <jc...@apache.org>


Also I see a lot of people resigned here
http://commons.markmail.org/message/2fzh5qgwhppkdslj

Regards,
Amey


On Tue, Jul 18, 2017 at 11:55 PM, Gary Gregory <ga...@gmail.com>
wrote:

> There is no criteria for "not active"; either you are a committer or you
> are not per: https://people.apache.org/phonebook.html?unix=commons
>
> Gary
>
> On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye <am...@gmail.com>
> wrote:
>
> > I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> > even keys of developers who might have resigned from commons, can we just
> > review and  remove keys of developers who resigned or no more active ?
> >
> > Regards,
> > Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Gary Gregory <ga...@gmail.com>.
There are no criteria for "not active"; either you are a committer or you
are not, per: https://people.apache.org/phonebook.html?unix=commons

Gary

On Tue, Jul 18, 2017 at 11:21 AM, Amey Jadiye <am...@gmail.com> wrote:

> I observed we have lot of keys in https://www.apache.org/dist/commons/KEYS,
> even keys of developers who might have resigned from commons, can we just
> review and  remove keys of developers who resigned or no more active ?
>
> Regards,
> Amey

Re: [all] Removal of old pgp key from https://www.apache.org/dist/commons/KEYS

Posted by Jörg Schaible <jo...@bpm-inspire.com>.
Hi Amey

Amey Jadiye wrote:

> I observed we have lot of keys in
> https://www.apache.org/dist/commons/KEYS, even keys of developers who
> might have resigned from commons, can we just
> review and  remove keys of developers who resigned or no more active ?

IMHO it depends on whether a key was used to sign a release.

Cheers,
Jörg
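
The rule the replies converge on (keep any key that has signed a release, expired or not) can be checked mechanically. The sketch below is an added example, not part of the original thread: it parses a listing in the layout quoted earlier in the thread and flags only keys with no release signature; the sample data, the signer inventory and the names `parse_keys_listing` and `classify` are assumptions made for illustration.

```python
import re

# Constructed listing in the layout quoted in the thread (gpg 1.x style);
# names, key IDs and dates are made up for this example.
SAMPLE_KEYS = """\
pub   1024D/AAAA1111 2006-04-14
uid                  Alice Example <alice@example.org>
sig 3        AAAA1111 2006-04-14  Alice Example <alice@example.org>
sub   2048g/AAAA2222 2006-04-14

pub   4096R/BBBB1111 2012-03-01 [expired: 2016-03-01]
uid                  Bob Example <bob@example.org>
sub   4096R/BBBB2222 2012-03-01 [expired: 2016-03-01]

pub   4096R/CCCC1111 2015-09-30
uid                  Carol Example <carol@example.org>
"""

# Constructed inventory: release artifact -> short ID of the key that made its
# .asc signature (assumed to have been read from the signatures beforehand).
SAMPLE_SIGNERS = {
    "foo-1.0-src.tar.gz": "AAAA1111",
    "foo-1.1-src.tar.gz": "bbbb2222",  # signed with Bob's subkey
}

KEY_LINE = re.compile(r"^(pub|sub)\s+\d+[A-Za-z]/([0-9A-Fa-f]{8})\s+\d{4}-\d{2}-\d{2}"
                      r"(?:\s+\[(expires|expired):\s*\d{4}-\d{2}-\d{2}\])?")

def parse_keys_listing(text):
    """One dict per primary key; 'sig' lines and armored blocks are ignored."""
    keys = []
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m and m.group(1) == "pub":
            kid = m.group(2).upper()
            keys.append({"primary": kid, "ids": {kid}, "uids": [],
                         "expired": m.group(3) == "expired"})
        elif m and keys:  # subkey belongs to the most recent primary key
            keys[-1]["ids"].add(m.group(2).upper())
        elif keys and (u := re.match(r"uid\s+(.+)", line)):
            keys[-1]["uids"].append(u.group(1).strip())
    return keys

def classify(keys, signers):
    """Keep every key that signed a release, expired or not; list the rest."""
    used = {kid.upper() for kid in signers.values()}
    keep = [k["primary"] for k in keys if k["ids"] & used]
    review = [k["primary"] for k in keys if not (k["ids"] & used)]
    return keep, review
```

Short 8-digit key IDs, as used in this listing format, can collide; where full fingerprints are available, match on those instead.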

