Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing |
Summary: | Missing keys for Linux builds in dist/openoffice/KEYS | ||
---|---|---|---|
Product: | Infrastructure | Reporter: | Ariel Constenla-Haile <arielch> |
Component: | Downloads | Assignee: | jsc |
Status: | CLOSED FIXED_WITHOUT_CODE | QA Contact: | |
Severity: | Critical | ||
Priority: | P1 (highest) | CC: | issues, orcmid |
Version: | current | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Issue Type: | DEFECT | Latest Confirmation in: | --- |
Developer Difficulty: | --- |
Description
Ariel Constenla-Haile
2013-08-29 01:29:40 UTC
I agree and I changed the link to the KEY file and use now the one from the people.apache.org server https://people.apache.org/keys/group/openoffice.asc "marcus" committed SVN revision 1518809 #123134# Updated link "marcus" committed SVN revision 1518810 #123134# Updated link I've changed the link also on the download webpages. (In reply to Marcus from comment #4) > I've changed the link also on the download webpages. The policy on KEYS files is to *not* use the group keys location. The KEYS file at dist/openoffice/KEYS should have only keys that have ever been used to sign releases and no such key should be removed. That is, the KEYS file at dist/openoffice/KEYS is cumulative. That is so an old release can still be checked. (To detect a revocation, the latest version is needed from a key server though.) The KEYS file at group/openoffice.asc will have keys removed when a committer removes that key from their profile or when the committer retires from Apache OpenOffice. See <https://people.apache.org/keys/> for details. It might not be necessary to do anything about the current dist/openoffice/KEYS, even if it now has more KEYS than have been used on releases made at Apache OpenOffice since incubation started. |