Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-560

Developers tied into ASF PGP web of trust

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Graduating
    • Component/s: None
    • Labels:
      None

      Activity

      Hide
      jalkanen Janne Jalkanen added a comment -

      Currently I think only I (Janne) have a signed PGP key within Apache's web-of-trust. We need to get others signed as well.

      Andrew, can you prepare a key for our next meeting, and I'll be happy to sign it?

      Show
      jalkanen Janne Jalkanen added a comment - Currently I think only I (Janne) have a signed PGP key within Apache's web-of-trust. We need to get others signed as well. Andrew, can you prepare a key for our next meeting, and I'll be happy to sign it?
      Hide
      metskem Harry Metske added a comment -

      For those of you who are not that familiar with it (including me), I found Henk Pennings explanation very useful : http://people.apache.org/~henkp/trust/

      Show
      metskem Harry Metske added a comment - For those of you who are not that familiar with it (including me), I found Henk Pennings explanation very useful : http://people.apache.org/~henkp/trust/
      Hide
      jalkanen Janne Jalkanen added a comment -

      Question: how many of us actually do need to be tied to the web of trust, anyway?

      Show
      jalkanen Janne Jalkanen added a comment - Question: how many of us actually do need to be tied to the web of trust, anyway?
      Hide
      metskem Harry Metske added a comment -

      a couple, say 3 or 4 ?

      Show
      metskem Harry Metske added a comment - a couple, say 3 or 4 ?
      Hide
      jalkanen Janne Jalkanen added a comment -

      Hm... So - Florian, Harry, Dirk, Andrew! You should try and hook up with your local Apache people and ask someone to sign a key... Or go to Apachecon. Or have your summer holidays in Finland

      Show
      jalkanen Janne Jalkanen added a comment - Hm... So - Florian, Harry, Dirk, Andrew! You should try and hook up with your local Apache people and ask someone to sign a key... Or go to Apachecon. Or have your summer holidays in Finland
      Hide
      clr Craig L Russell added a comment -

      The issue is not so much how many folks should be tied into the Apache WOT. Everyone who signs releases needs to have a key (duh) and any key used to sign a release should be tied into the WOT by being signed, and by having the owner sign others' keys.

      Then the question is how many signatures on your keys are enough. One is enough, but more is (are) better. Cross-signed keys are best.

      Show
      clr Craig L Russell added a comment - The issue is not so much how many folks should be tied into the Apache WOT. Everyone who signs releases needs to have a key (duh) and any key used to sign a release should be tied into the WOT by being signed, and by having the owner sign others' keys. Then the question is how many signatures on your keys are enough. One is enough, but more is (are) better. Cross-signed keys are best.
      Hide
      florianh Florian Holeczek added a comment -

      Unfortunately I couldn't have summer holidays in Finland But I met Apache committer Stefan Seelmann in Munich this week and we signed our keys.

      Show
      florianh Florian Holeczek added a comment - Unfortunately I couldn't have summer holidays in Finland But I met Apache committer Stefan Seelmann in Munich this week and we signed our keys.
      Hide
      metskem Harry Metske added a comment -

      That's nice Florian.

      I think 2 people in the project who can sign within the web of trust is nice, if you all agree we can close this one too.

      Show
      metskem Harry Metske added a comment - That's nice Florian. I think 2 people in the project who can sign within the web of trust is nice, if you all agree we can close this one too.
      Hide
      jalkanen Janne Jalkanen added a comment -

      Well done, Florian! I think two people is sufficient (that means that there is redundancy also for rolling releases).

      Show
      jalkanen Janne Jalkanen added a comment - Well done, Florian! I think two people is sufficient (that means that there is redundancy also for rolling releases).
      Hide
      jalkanen Janne Jalkanen added a comment -

      I think this is fine.

      Show
      jalkanen Janne Jalkanen added a comment - I think this is fine.

        People

        • Assignee:
          Unassigned
          Reporter:
          jalkanen Janne Jalkanen
        • Votes:
          0 Vote for this issue
          Watchers:
          0 Start watching this issue

          Dates

          • Created:
            Updated:
            Resolved:

            Development