On 23 September 2013 21:57, Marvin Humphrey <mar...@rectangular.com> wrote: >> On Wed, Sep 18, 2013 at 8:25 PM, Dave Brondsema <d...@brondsema.net> wrote: >> >>> Do you have a KEYS file posted somewhere besides within the release? > > Thanks for a good spot and thoughtful observation, Dave. This is worth > discussing. > > MHO: supplying a KEYS file within the source archive is worthless at best.
+1 > On Wed, Sep 18, 2013 at 9:50 PM, Ted Dunning <ted.dunn...@gmail.com> wrote: >> It is in version control as per custom. Drill uses git so it might not be >> quite as obvious if you are used to SVN. >> >> See, for instance, >> >> https://git-wip-us.apache.org/repos/asf?p=incubator-drill.git;a=blob;f=KEYS;h=205469b84b8bda60fcb87486182d4fb7caf0485d;hb=HEAD > > There may be precedent but it seems to me that including a KEYS file within > a source archive shouldn't be considered a best practice. (For the record, > so long as the KEYS file is available from somewhere else safe, I don't think > the issue blocks Drill's release candidate.) The canonical place for KEYS files is the distribution area. This is automatically archived, so the KEYS file is available for use with archives as well. > Now that changes to our distribution area are captured via version control > (dist.apache.org), is there any reason to maintain KEYS in the master branch > any more? +1 > There was talk a while back of transitioning to an LDAP-centric key scheme, > but there are flaws with that approach: former RMs who leave the community > suddenly causing the key needed for an old release to become unavailable, etc. Indeed. > Marvin Humphrey > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
