I suggest that the release manager and anyone else in the KEYS file should have added key fingerprints to their Apache profiles at <https://id.apache.org/>.
This will have their PGP keys refreshed regularly under their Apache ID at <https://people.apache.org/keys/committer/>. With regard to an identifiable association of the key, presence in this manner connects the PGP key to The Apache ID by demonstration of control over the committer's Apache profile. One can go farther by adding the user...@apache.org to an User-ID on the key. Verifying that one has control over that e-mail address (and all User-IDs) Is done by registering the public key at the PGP Global Directory service at <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the ceremony specified there. After the ceremony is completed, you can retrieve your counter-signed PGP key from that service and synchronize it to a public PGP key server. The ASF will pick it up on a future refresh. Use of the key from the Apache ID list has certain valuable properties. It is not fixed, as in the key files in the project and in distributions. That means any additional (web-of-trust) certifications of the keys association with a committer are updated automatically. That includes any revocations. -- Dennis E. Hamilton dennis.hamil...@acm.org +1-206-779-9430 https://keybase.io/orcmid PGP F96E 89FF D456 628A X.509 certs used and requested for signed e-mail -----Original Message----- From: Justin Mclean [mailto:jus...@classsoftware.com] Sent: Sunday, October 12, 2014 22:29 To: general@incubator.apache.org Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating) Hi, > First, the signing key is present in SVN, but has not been uploaded to the > standard key-servers, nor has it been signed by anyone. I found it here: https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index Even if the key is part of a web trust it may not be part of everyone's web of trust. I'd see that as a hard requirement to meet. Thanks, Justin --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
