On Fri, 15 Mar 2019 at 00:09, Nick Kew <n...@apache.org> wrote: > > > > > On 14 Mar 2019, at 17:49, Dave Fisher <w...@apache.org> wrote: > > > > Hi - > > > > I’ve been reviewing releases and you are missing your KEYS file from > > https://dist.apache.org/repos/dist/release/incubator/myriad/ > > <https://dist.apache.org/repos/dist/release/incubator/myriad/> > > > > Your site should refer users to the KEYS file at > > https://www.apache.org/dist/incubator/myriad/KEYS > > <https://www.apache.org/dist/incubator/myriad/KEYS> > > ASF maintains foundation-wide keys at > https://people.apache.org/keys/committer/ . > Isn't that a better resource to reference than for individual projects to > replicate KEYS? > Especially for the many folks who are involved with multiple projects!
The KEYS file only needs to contain keys for people who sign releases. Also it needs to be stored on the archive server so people can validate historic releases. For this reason, keys should not be removed from the file. The key files at people.apache.org are not really suitable for download validation. > -- > Nick Kew > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
