On Sun, Oct 12, 2014 at 10:28 PM, Justin Mclean
<jus...@classsoftware.com> wrote:
> Even if the key is part of a web trust it may not be part of everyone's web
> of trust. I'd see that as a hard requirement to meet.
The last time this came up, Daniel Shahaf suggested an excellent solution:
http://s.apache.org/U57
No one said that a release need have only one signature...
1) RM prepares tarball, signs, uploads for voting
2) voting passes
3) mentor appends his signature to the .asc file
4) artifacts posted to dist/
That solves the problem for end users until the RM attends a keysigning
party.
Marvin Humphrey
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
