Bay area. Who can I get to sign it? Can any other Apache committer (or PMC
from other projects) do it?

--
Matteo Merli
<matteo.me...@gmail.com>

On Mon, Jul 24, 2017 at 12:27 PM, Dave Fisher <dave2w...@comcast.net> wrote:

>
> > On Jul 24, 2017, at 12:23 PM, Matteo Merli <mme...@apache.org> wrote:
> >
> > On Mon, Jul 24, 2017 at 11:39 AM, Dave Fisher <dave2w...@comcast.net>
> wrote:
> >>
> >>>  Does for podlings work in the same way as for TLPs? Should we design a
> >>> release manager?
> >>
> >> Yes. I see you created a KEYS file. If someone else is Release Manager
> >> then they can add their key as well.
> >>
> >> BTW - Is your Key Signed and in the Web of Trust?
> >>
> >
> > Dave, I have created the key as per http://apache.org/dev/openpgp.html
> > and I have summarized the steps into a wiki page at
> > https://github.com/apache/incubator-pulsar/wiki/Create-
> GPG-keys-to-sign-release-artifacts
> >
> > I didn't see how to sign the key itself and didn't get a chance to
> exchange
> > it.
>
> Someone else would need to sign your key after physically validating your
> IDs. This is not an absolute requirement. Where in the world are you
> located?
>
> Regards,
> Dave
>

Reply via email to