We should ensure that AOO people join the keysignings @ ApacheCon > On Oct 8, 2016, at 9:08 AM, Andrea Pescetti <pesce...@apache.org> wrote: > > This is not a blocker for the release (and moreover signature files are > explicitly allowed to be updated during the release vote if needed), but I > couldn't verify signatures in a straightforward way for source packages. > > One of the signatures is mine; no problem with that, and that itself is > enough to prove integrity for release approval purposes. > > Patricia's one, according to my GPG, is done with a key having a short ID of > 02703386; I couldn't find the public key in the usual places, so I couldn't > verify this one. > > Again, this is not a blocker issue since one key is enough, but public keys > used for signing releases are expected to be found at: > http://www.apache.org/dist/openoffice/KEYS > or (secondary resource) at > https://people.apache.org/keys/committer/ > > The former contains my key and another key by Patricia (short ID A57935C5); > the latter contains the same key by Patricia - it doesn't contain mine since > I never bothered uploading it again to enforce the long IDs and I now see > that someone decided to remove the keys that only had a short ID, I'll fix it > later today. > > Where can I find the matching public key by Patricia? It should be added in > SVN to > https://dist.apache.org/repos/dist/release/openoffice/KEYS > which (I believe) maps to the first URL I listed. There is surely a way to do > it without a full checkout, but I didn't check details. > > Regards, > Andrea. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
