ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sebb (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-750) Spurious file in https://dist.apache.org/repos/dist/release/incubator/ranger/
Date Wed, 07 Sep 2016 23:32:20 GMT

    [ https://issues.apache.org/jira/browse/RANGER-750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15472137#comment-15472137

Sebb commented on RANGER-750:

As explained above, the KEYS file cannot be re-created as shown.

The KEYS file must contain all keys ever used to sign a release (it's also used for archived
However the group/ranger.asc file will only contain the current keys for the current members
of the LDAP group.

If a new key is used to sign a release, just add it to the existing KEYS file.
The list of keys is unlikely to change very frequently.

> Spurious file in https://dist.apache.org/repos/dist/release/incubator/ranger/
> -----------------------------------------------------------------------------
>                 Key: RANGER-750
>                 URL: https://issues.apache.org/jira/browse/RANGER-750
>             Project: Ranger
>          Issue Type: Bug
>         Environment: https://dist.apache.org/repos/dist/release/incubator/ranger/
>            Reporter: Sebb
>            Assignee: Selvamohan Neethiraj
> he directory https://dist.apache.org/repos/dist/release/incubator/ranger/ contains the
> download-keys.sh
> This does not belong on the ASF mirror system.
> Also the script is not suitable for downloading KEYS.
> The file https://people.apache.org/keys/group/ranger.asc is not guaranteed to contain
all the keys needed to validate a signature, because the file only contains the current keys
for the current members of the PPMC. However the KEYS file is also used for checking archived
releases so must contain all keys that have ever been used to sign a release.
> Please remove the script file, and ensure that the KEYS file contains all the keys for
every ASF release that has been made. Entries should never be dropped from KEYS files if they
have been used to sign a release.
> Thanks

This message was sent by Atlassian JIRA

View raw message