> On Jul 24, 2017, at 12:23 PM, Matteo Merli <mme...@apache.org> wrote: > > On Mon, Jul 24, 2017 at 11:39 AM, Dave Fisher <dave2w...@comcast.net> wrote: >> >>> Does for podlings work in the same way as for TLPs? Should we design a >>> release manager? >> >> Yes. I see you created a KEYS file. If someone else is Release Manager >> then they can add their key as well. >> >> BTW - Is your Key Signed and in the Web of Trust? >> > > Dave, I have created the key as per http://apache.org/dev/openpgp.html > and I have summarized the steps into a wiki page at > https://github.com/apache/incubator-pulsar/wiki/Create-GPG-keys-to-sign-release-artifacts > > I didn't see how to sign the key itself and didn't get a chance to exchange > it.
Someone else would need to sign your key after physically validating your IDs. This is not an absolute requirement. Where in the world are you located? Regards, Dave
signature.asc
Description: Message signed with OpenPGP