ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Selvamohan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (RANGER-750) Spurious file in https://dist.apache.org/repos/dist/release/incubator/ranger/
Date Sun, 11 Sep 2016 21:41:20 GMT

    [ https://issues.apache.org/jira/browse/RANGER-750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15482449#comment-15482449

Selvamohan Neethiraj commented on RANGER-750:

[~sebb@apache.org] - I have updated the cwiki for the release instruction [https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=65867946]
as following:

If the signer's key is not in KEYS file in https://dist.apache.org/repos/dist/release/incubator/ranger/KEYS,
Update the KEYS file to add that the signer key using SVN.

please let me know if this instruction needs any change.

> Spurious file in https://dist.apache.org/repos/dist/release/incubator/ranger/
> -----------------------------------------------------------------------------
>                 Key: RANGER-750
>                 URL: https://issues.apache.org/jira/browse/RANGER-750
>             Project: Ranger
>          Issue Type: Bug
>         Environment: https://dist.apache.org/repos/dist/release/incubator/ranger/
>            Reporter: Sebb
>            Assignee: Selvamohan Neethiraj
> he directory https://dist.apache.org/repos/dist/release/incubator/ranger/ contains the
> download-keys.sh
> This does not belong on the ASF mirror system.
> Also the script is not suitable for downloading KEYS.
> The file https://people.apache.org/keys/group/ranger.asc is not guaranteed to contain
all the keys needed to validate a signature, because the file only contains the current keys
for the current members of the PPMC. However the KEYS file is also used for checking archived
releases so must contain all keys that have ever been used to sign a release.
> Please remove the script file, and ensure that the KEYS file contains all the keys for
every ASF release that has been made. Entries should never be dropped from KEYS files if they
have been used to sign a release.
> Thanks

This message was sent by Atlassian JIRA

View raw message