automatically verifying PGP sigs on dist.a.o Re: Moving our dist area to svnpubsub

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Mon, 13 Feb 2012 17:27:34 +0200

[CC += infra]

Hyrum K Wright wrote on Mon, Feb 13, 2012 at 09:08:26 -0600:
> On Mon, Feb 13, 2012 at 9:02 AM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> > Currently we publish releases by uploading them to a specified directory
> > on scp://people.apache.org/.
> >
> > Infra would like to move from this model to a model where releases are
> > stored in a Subversion repository[1].
> >
> > I suggest that we join a few other PMCs who had already converted.  The
> > impact on us is that we'll be uploading releases by committing to
> > [1]/subversion, rather than by scp'ing them.  It will also shorten the
> > wait period on mirroring new releases from 25 hours to 24 hours.
> >
> > Barring objections I'll follow up with infra in a few days to make this
> > happen.
>
> That would be awesome. Despite my past obstinacy, I'm particularly
> attracted to the part where PMC members would be able to directly
> commit their signatures to the release area, where something (an
> svnpubsub instance?) then verifies the sigs.
>

+1.

As to the implementation: we could run something off of svnpubsub to
verify the signatures, but I wonder if it'd make more sense to do that
ASF-wide in the pre-commit hook on dist.apache.org. Infra people ---
thoughts?

> In addition to working with Infra, release.py would probably need to be updated.
>
> -Hyrum
>
>
> --
>
> uberSVN: Apache Subversion Made Easy
> http://www.uberSVN.com/
Received on 2012-02-13 16:28:19 CET

This is an archived mail posted to the Subversion Dev mailing list.
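
The pre-commit variant suggested in the message above could look like the following sketch. It is an added example, not code from the thread or from ASF infrastructure; the keyring path, the artifact suffixes and the `<artifact>.asc` naming convention are assumptions.

```python
# Pre-commit hook sketch; Subversion invokes it as: pre-commit REPOS TXN
import subprocess
import sys
import tempfile

ARTIFACT_SUFFIXES = (".tar.gz", ".tar.bz2", ".zip")  # assumed artifact types
KEYRING = "/path/to/release-keys.gpg"  # placeholder: keyring of accepted signers
SAMPLE_CHANGED = [  # constructed `svnlook changed` output
    "A   subversion/example-1.0.tar.gz",
    "A   subversion/example-1.0.tar.gz.asc",
    "U   subversion/example-0.9.zip.asc",
    "D   subversion/example-0.8.tar.bz2",
    "_U  subversion/example-0.7.zip",
]

def pairs_to_verify(changed_lines):
    """New/changed artifacts need their .asc; new/changed .asc files (e.g. a
    PMC member appending a signature) are re-checked against the artifact."""
    pairs = set()
    # Keep adds and text modifications; skip deletes and property-only changes.
    paths = [l[4:].rstrip("\n") for l in changed_lines if l[:1] in ("A", "U")]
    for path in paths:
        if path.endswith(".asc") and path[:-4].endswith(ARTIFACT_SUFFIXES):
            pairs.add((path[:-4], path))
        elif path.endswith(ARTIFACT_SUFFIXES):
            pairs.add((path, path + ".asc"))
    return sorted(pairs)

def export(repos, txn, path, dest):  # PATH as it exists in the pending txn
    with open(dest, "wb") as out:
        subprocess.run(["svnlook", "cat", "-t", txn, repos, path], check=True, stdout=out)

def main(repos, txn):
    changed = subprocess.run(["svnlook", "changed", "-t", txn, repos],
                             check=True, capture_output=True, text=True).stdout
    with tempfile.TemporaryDirectory() as tmp:
        sig_file, data_file = tmp + "/sig.asc", tmp + "/data"
        gpgv = ["gpgv", "--keyring", KEYRING, sig_file, data_file]
        for artifact, sig in pairs_to_verify(changed.splitlines()):
            try:  # a missing .asc makes svnlook fail, which rejects the commit
                export(repos, txn, sig, sig_file)
                export(repos, txn, artifact, data_file)
                subprocess.run(gpgv, check=True)  # non-zero unless all sigs verify
            except subprocess.CalledProcessError:
                sys.stderr.write("no valid signature for %s\n" % artifact)
                return 1
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

Because the check runs before the transaction is committed, an unsigned or badly signed artifact never reaches the published tree; the svnpubsub variant would only detect it after the commit.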