Hi,
+1 for every release manager to have his own key.
Though I think that there should be an "XWiki.org" key that is kept
only by one person and that is used to sign the release managers' keys.
In this way artifacts will be marked as released by somebody that is
also trusted by XWiki.org.
-Fabio
On Mon, Aug 15, 2011 at 6:04 PM, Caleb James DeLisle
<calebdelisle(a)lavabit.com> wrote:
> On 08/15/2011 11:42 AM, Sergiu Dumitriu wrote:
>> On 08/15/2011 11:19 AM, Vincent Massol wrote:
>>> Hi,
>>> I think we should start signing our artifacts using PGP as explained here:
>>> https://docs.sonatype.org/display/Repository/How+To+Generate+PGP+Signatures…
>>> Here's my +1
>> +1.
>> Do we use only one key, installed on the release machine? It should be
>> protected by a strong passphrase.
> +1
> I really don't like the "one key on the release box" idea.
> IMO each release manager should sign with their key which ofc never leaves their own
> computer.
> Caleb
>>> Thanks
>>> -Vincent
>>> PS: If we agree I can commit the changes required to our top level POM to implement this
>>> (I have them locally already)
>>> PS2: When's the release user ready on one of the new agents?
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs