On 04/27/2011 02:42 AM, Daniel Shahaf wrote: > We're planning to encourage key signing during the hackathon week. > To facilitate this, we'd like to collect all the key fingerprints in > advance, in order to prepare and distribute a $spreadsheet with > fingerprints to attendees. > > At this point I'd like to suggest to collect the PGP keys in the tree. > This is in line with ASF practice, allows for more easily verifying > our releases' signatures, and makes collecting keys a once-and-for-all > task. > > So, I propose that we recommend committers to add their then-current > preferred PGP keys (used for key signing and release signing, feel free > to add other keys if you want) to ^/subversion/site/keys/$username.asc .
I wonder if we couldn't reduce data duplication by instead recommending that committers update their Apache-wide FOAF data with this information? (See http://people.apache.org/foaf/index.html for instructions.) -- C. Michael Pilato <cmpil...@collab.net> CollabNet <> www.collab.net <> Distributed Development On Demand
signature.asc
Description: OpenPGP digital signature
