This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/main by this push:
new 5895877 Update digital-signatures.md
5895877 is described below
commit 58958777ff2e58185e68c87e5b67c14c1a41597a
Author: Dave Fisher <dave2w...@comcast.net>
AuthorDate: Wed Feb 5 15:50:05 2025 -0800
Update digital-signatures.md
---
apache-trusted-release/digital-signatures.md | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/apache-trusted-release/digital-signatures.md
b/apache-trusted-release/digital-signatures.md
index 3f158dc..ae75bff 100644
--- a/apache-trusted-release/digital-signatures.md
+++ b/apache-trusted-release/digital-signatures.md
@@ -1,5 +1,16 @@
# Sign Candidate Phase
-For certain package types in a release the PMC wishes to add Digital
Signatures using approved and current services.
+For certain artifact types in a release the PMC wishes to add Digital
Signatures using approved and current services.
Currently ssl.com, but a google based one may be coming in the summer.
+
+## Policy
+
+- [Signing Releases](https://infra.apache.org/release-signing.html)
+- [Code Signing Services](https://infra.apache.org/services.html#code-signing)
+
+> Please validate with Infra that the "Code Signing Service" documents are up
to date.
+
+# Tasks
+
+For certain artifact types for certain channels it makes sense to make use of
digital signatures other than GPG detached signatures.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org
For additional commands, e-mail: dev-h...@tooling.apache.org
