On 04/27/2011 02:42 AM, Daniel Shahaf wrote:
> We're planning to encourage key signing during the hackathon week.
> To facilitate this, we'd like to collect all the key fingerprints in
> advance, in order to prepare and distribute a $spreadsheet with
> fingerprints to attendees.
>
> At this point I'd like to suggest to collect the PGP keys in the tree.
> This is in line with ASF practice, allows for more easily verifying
> our releases' signatures, and makes collecting keys a once-and-for-all
> task.
>
> So, I propose that we recommend committers to add their then-current
> preferred PGP keys (used for key signing and release signing, feel free
> to add other keys if you want) to ^/subversion/site/keys/$username.asc .
I wonder if we couldn't reduce data duplication by instead recommending that
committers update their Apache-wide FOAF data with this information? (See
http://people.apache.org/foaf/index.html for instructions.)
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2011-05-02 19:21:01 CEST