linux-traipu team mailing list archive

Thread
Date

[Bug 1266204] Re: official signing key for source tarball

To: linux-traipu@xxxxxxxxxxxxxxxxxxx
From: Patrick Crews <1266204@xxxxxxxxxxxxxxxxxx>
Date: Tue, 07 Jan 2014 00:25:08 -0000
Reply-to: Bug 1266204 <1266204@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

:/ My previous comment was somehow lost. Apologies.
To repeat:
We have a number of developers that work on releases, Vijay being one of them.
I do apologize for any confusion related to the veracity of our tarballs, but iirc, launchpad will not allow someone to create a tarball release unless they have appropriate permissions within the project, which should provide some comfort.

This might be a good feature request for launchpad - to provide a list of those gpg-keys / users that are approved releasers, but at the moment, I believe all we have is this:
https://launchpad.net/+help-registry/verify-downloads.html

I hope this helps. Leaving the bug as 'in progress'.

--
You received this bug notification because you are a member of UBUNTU -
AL - BR, which is subscribed to Drizzle.
https://bugs.launchpad.net/bugs/1266204

Title:
official signing key for source tarball

Status in A Lightweight SQL Database for Cloud Infrastructure and Web Applications:
In Progress

Bug description:
First, thanks for providing also a signature file for your source.

However, I'm currently experiencing troubles to find out which gpg key
is allowed for signing the tarball.

While the one currently used (signed by Vijay Samuel) is probably OK,
I cannot find the documentation/information to backup this.

The only reference to a signing key for drizzle is to this one, 06899068 in the
PPA for Drizzle-developers (https://launchpad.net/~drizzle-developers/+archive/ppa).

Thanks for clarifying

--
coldtobi

To manage notifications about this bug go to:
https://bugs.launchpad.net/drizzle/+bug/1266204/+subscriptions

References

[Bug 1266204] [NEW] official signing key for source tarball
From: coldtobi, 2014-01-05