-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarifications #334
base: main
Are you sure you want to change the base?
Clarifications #334
Conversation
All supplied packages MUST be cryptographically signed with a detached signature. | ||
It MUST be signed by either the Release Manager or the automated release | ||
All supplied packages MUST be cryptographically signed with an ASCII-armored detached signature. | ||
They MUST be signed by either the Release Manager or the automated release |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we mention that a RM signature should use <username>@apache.org
as its mail address?
Also, how do we view/recomment a multiple addresses signature, like:
apache-pekko-grpc-1.0.2-incubating-src-20231229.tgz
gpg: Signature made 六 12/30 00:39:42 2023 CST
gpg: using RSA key 6BA4DA8B1C88A49428A29C3D0C69C1EF41181E13
gpg: Good signature from "PJ Fanning (GitHub noreply address) <[email protected]>" [unknown]
gpg: aka "PJ Fanning <[email protected]>" [unknown]
gpg: aka "PJ Fanning (http://www.apache.org/) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6BA4 DA8B 1C88 A494 28A2 9C3D 0C69 C1EF 4118 1E13
@wu-sheng once found that such a signature may not display fully on some signature viewers (that display only the first mail address).
@rvs Bump |
Apply comment
No description provided.