Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarifications #334

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Clarifications #334

wants to merge 4 commits into from

Conversation

sebbASF
Copy link
Contributor

@sebbASF sebbASF commented Dec 28, 2023

No description provided.

@sebbASF sebbASF requested a review from rvs December 28, 2023 17:58
tisonkun
tisonkun reviewed Jan 8, 2024
View reviewed changes
content/legal/release-policy.md
All supplied packages MUST be cryptographically signed with a detached signature.
It MUST be signed by either the Release Manager or the automated release
All supplied packages MUST be cryptographically signed with an ASCII-armored detached signature.
They MUST be signed by either the Release Manager or the automated release
Copy link
Member

@tisonkun tisonkun Jan 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we mention that a RM signature should use <username>@apache.org as its mail address?

Also, how do we view/recomment a multiple addresses signature, like:

apache-pekko-grpc-1.0.2-incubating-src-20231229.tgz
gpg: Signature made 六 12/30 00:39:42 2023 CST
gpg:                using RSA key 6BA4DA8B1C88A49428A29C3D0C69C1EF41181E13
gpg: Good signature from "PJ Fanning (GitHub noreply address) <[email protected]>" [unknown]
gpg:                 aka "PJ Fanning <[email protected]>" [unknown]
gpg:                 aka "PJ Fanning (http://www.apache.org/) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6BA4 DA8B 1C88 A494 28A2  9C3D 0C69 C1EF 4118 1E13

@wu-sheng once found that such a signature may not display fully on some signature viewers (that display only the first mail address).

@bproffitt
Copy link
Contributor

@rvs Bump

@sebbASF sebbASF mentioned this pull request Apr 3, 2024
Merged
@tisonkun tisonkun mentioned this pull request Apr 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tisonkun tisonkun tisonkun left review comments

@raboof raboof raboof left review comments

@rvs rvs Awaiting requested review from rvs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sebbASF @bproffitt @raboof @tisonkun