Hi Sebb(TEST) > On Feb 18, 2024, at 16:18, sebb <seb...@gmail.com> wrote: > > On Sun, 18 Feb 2024 at 23:46, sebbaz(Test) <sebbaz+t...@gmail.com > <mailto:sebbaz+t...@gmail.com>> wrote: >> >> On Sun, 18 Feb 2024 at 17:14, Craig Russell <apache....@gmail.com> wrote: >>> >>> As you might have notices, we received an SGA signed with a GPG key. Whimsy >>> verified the key but as far as I can see, the filing process did not store >>> the key in the repository. >> >> Note that all the sig checks are done in the same routine, which saves >> the key if it was successfully imported. >> >> It tried to save the SGA key, but failed; there was a problem with the >> credentials (which I will try to fix).
I did notice that there was some permissions problem with the __keys__ directory but reloading the whimsy page seemed to fix it. >> >> Was no error reported? No error. It just seemed like the SGA code did not try to save the key. >> >>> Perhaps we should change the name of the key repository to reflect that any >>> of several documents might be signed, and change the code to store the key >>> if it is used to sign any of the documents. >>> >> >> The __keys__ directory is currently under iclas; perhaps it should be >> moved to the same level as the iclas, cclas and grants. Yes, please. > > Upon further checking, this would entail setting up a new entry SVN > auth entry with the appropriate permissions; not sure it's worth it. Thanks for checking. If it's not too much work, moving the __keys__ directory a level above would make sense to me. Thanks, Craig > >>> WDYT? >>> >>> Craig L Russell >>> c...@apache.org <mailto:c...@apache.org> Craig L Russell c...@apache.org
