Posted to dev@myriad.apache.org by Dave Fisher <wa...@apache.org> on 2019/03/14 17:49:41 UTC

Releases Require KEYS Files

Hi -

I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/

Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS

Please remedy the situation.

Regards,
Dave

Re: Releases Require KEYS Files

Posted by sebb <se...@gmail.com>.
On Fri, 15 Mar 2019 at 00:09, Nick Kew <ni...@apache.org> wrote:
>
>
>
> > On 14 Mar 2019, at 17:49, Dave Fisher <wa...@apache.org> wrote:
> >
> > Hi -
> >
> > I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
> >
> > Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS
>
> ASF maintains foundation-wide keys at  https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

The KEYS file only needs to contain keys for people who sign releases.

Also it needs to be stored on the archive server so people can
validate historic releases.
For this reason, keys should not be removed from the file.

The key files at people.apache.org are not really suitable for
download validation.

> --
> Nick Kew
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
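
An added example, not part of the original thread: a small audit of the point made above, that the KEYS file must keep a key for everyone who ever signed a release so historic downloads stay verifiable. It lists the v4 primary-key fingerprints found in a KEYS file and reports releases whose signer is absent. The function names, the sample key body and the release-to-signer mapping are constructed for illustration; v3 and v5+ keys are skipped.

```python
import base64, hashlib, re

ARMOR = re.compile(r"-----BEGIN (PGP PUBLIC KEY BLOCK)-----\r?\n(.*?)-----END \1-----", re.S)

def dearmor(body):
    """Decode one armored block, skipping armor headers and the '=XXXX' checksum line."""
    lines = [l.strip() for l in body.splitlines()]
    lines = lines[lines.index("") + 1:]       # armor headers end at the first blank line
    return base64.b64decode("".join(l for l in lines if not l.startswith("=")))

def packets(raw):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(raw):
        hdr, i = raw[i], i + 1
        if hdr & 0x40:                        # new-format header
            tag, first = hdr & 0x3F, raw[i]
            if first < 192: n, i = first, i + 1
            elif first < 224: n, i = ((first - 192) << 8) + raw[i + 1] + 192, i + 2
            elif first == 255: n, i = int.from_bytes(raw[i + 1:i + 5], "big"), i + 5
            else: raise ValueError("partial body lengths not supported")
        else:                                 # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8: raise ValueError("indeterminate length not supported")
            n, i = int.from_bytes(raw[i:i + size], "big"), i + size
        yield tag, raw[i:i + n]
        i += n

def keys_fingerprints(keys_text):
    """Fingerprints of every v4 primary key in a KEYS file (RFC 4880, section 12.2)."""
    found = []
    for block in ARMOR.finditer(keys_text):   # free text between blocks is ignored
        for tag, body in packets(dearmor(block.group(2))):
            if tag == 6 and body[:1] == b"\x04":
                material = b"\x99" + len(body).to_bytes(2, "big") + body
                found.append(hashlib.sha1(material).hexdigest().upper())
    return found

def missing_signers(keys_text, release_signers):
    """Releases ({name: signer fingerprint}) whose signing key is absent from KEYS."""
    present = set(keys_fingerprints(keys_text))
    return sorted(name for name, fpr in release_signers.items()
                  if fpr.replace(" ", "").upper() not in present)

# Constructed sample: a made-up v4 key body (not a real key) in a one-block KEYS file.
SAMPLE_BODY = b"\x04" + (1552000000).to_bytes(4, "big") + b"\x16" + bytes(range(40))
SAMPLE_KEYS = ("pub   constructed sample\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n"
               + base64.b64encode(b"\x98\x2e" + SAMPLE_BODY).decode()
               + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Calling `missing_signers(keys_text, {...})` with the fingerprint recorded for each archived release returns the releases that could no longer be validated if their key had been dropped from KEYS.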


Re: Releases Require KEYS Files

Posted by Dave Fisher <da...@comcast.net>.

> On Mar 14, 2019, at 5:11 PM, Nick Kew <ni...@apache.org> wrote:
> 
> 
> 
>> On 14 Mar 2019, at 17:49, Dave Fisher <wa...@apache.org> wrote:
>> 
>> Hi -
>> 
>> I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
>>
>> Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS
> 
> ASF maintains foundation-wide keys at  https://people.apache.org/keys/committer/ .
> Isn't that a better resource to reference than for individual projects to replicate KEYS?
> Especially for the many folks who are involved with multiple projects!

These are the KEYS for the release managers of the podling/project so that the users of the download artifact can validate the signature.
We are following Release Distribution Policy. For fun you can take a look at checker.apache.org.

Some people don’t sign releases with their personal key, but use a code signing key. Often a podling RM is new to Apache … there is enough to teach.

Feel free to see about making the change, but this volunteer is not going to do a thing with changing that. ;-) If the ASF wants to pay a large amount of $ then I’ll think about it. ;-)

Regards,
Dave


> 
> -- 
> Nick Kew
> 
> 


Re: Releases Require KEYS Files

Posted by Nick Kew <ni...@apache.org>.

> On 14 Mar 2019, at 17:49, Dave Fisher <wa...@apache.org> wrote:
> 
> Hi -
> 
> I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
>
> Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS

ASF maintains foundation-wide keys at  https://people.apache.org/keys/committer/ .
Isn't that a better resource to reference than for individual projects to replicate KEYS?
Especially for the many folks who are involved with multiple projects!

-- 
Nick Kew




Re: Releases Require KEYS Files

Posted by Dave Fisher <da...@comcast.net>.
Hi Justin,

SVN shows it was fixed after I sent the email:

$ svn log https://dist.apache.org/repos/dist/release/incubator/myriad
------------------------------------------------------------------------
r32935 | javiroman | 2019-03-14 12:10:14 -0700 (Thu, 14 Mar 2019) | 1 line

Apache Myriad KEYS file in releases folder
------------------------------------------------------------------------
r14086 | darinj | 2016-06-22 06:05:05 -0700 (Wed, 22 Jun 2016) | 1 line

Adding myriad-0.2.0-incubating.
------------------------------------------------------------------------
r11513 | smarella | 2015-12-09 22:51:00 -0800 (Wed, 09 Dec 2015) | 1 line

Adding myriad-0.1.0-incubating.
------------------------------------------------------------------------
r10875 | lresende | 2015-10-19 19:57:33 -0700 (Mon, 19 Oct 2015) | 1 line

+= myriad
------------------------------------------------------------------------

Regards,
Dave

> On Mar 14, 2019, at 3:32 PM, Justin Mclean <ju...@classsoftware.com> wrote:
> 
> Hi,
> 
>> I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
>>
>> Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS
> 
> I looked at their release file yesterday and it has a KEYS file [1]; looks like the structure is just not quite what you expect.
> 
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS




Re: Releases Require KEYS Files

Posted by Dave Fisher <da...@comcast.net>.
Hi -

> On Mar 14, 2019, at 3:42 PM, Justin Mclean <ju...@classsoftware.com> wrote:
> 
> Hi,
> 
> But this was there right? [1]

No.

$ svn log https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS
------------------------------------------------------------------------
r32935 | javiroman | 2019-03-14 12:10:14 -0700 (Thu, 14 Mar 2019) | 1 line

Apache Myriad KEYS file in releases folder
------------------------------------------------------------------------

You must have seen it in the dev location:

$ svn log https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS
------------------------------------------------------------------------
r32640 | javiroman | 2019-02-25 23:02:25 -0800 (Mon, 25 Feb 2019) | 1 line

added GPG public key to the Apache Myriad KEYS file
------------------------------------------------------------------------
r13773 | darinj | 2016-05-24 18:10:18 -0700 (Tue, 24 May 2016) | 1 line

update KEYS file
------------------------------------------------------------------------
r10876 | smarella | 2015-10-20 17:14:46 -0700 (Tue, 20 Oct 2015) | 3 lines

Adding KEYS file for Myriad.

Got it?

Regards,
Dave
> 
> Thanks,
> Justin
> 
> 1. https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS
> 




Re: Releases Require KEYS Files

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

But this was there right? [1]

Thanks,
Justin

1. https://dist.apache.org/repos/dist/dev/incubator/myriad/KEYS



Re: Releases Require KEYS Files

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

> I’ve been reviewing releases and you are missing your KEYS file from https://dist.apache.org/repos/dist/release/incubator/myriad/
>
> Your site should refer users to the KEYS file at https://www.apache.org/dist/incubator/myriad/KEYS

I looked at their release file yesterday and it has a KEYS file [1]; looks like the structure is just not quite what you expect.

Thanks,
Justin

1. https://dist.apache.org/repos/dist/release/incubator/myriad/KEYS