This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============1976998257== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig8553CF6741369DB35E851920" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig8553CF6741369DB35E851920 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 05/26/2010 11:28 AM, Andreas Pakulat wrote: > On 26.05.10 11:04:34, Joanna Rutkowska wrote: >> On 05/26/2010 10:54 AM, Andreas Pakulat wrote: >>> On 26.05.10 02:50:18, Joanna Rutkowska wrote: >>>> On 05/26/2010 02:31 AM, Michael Pyne wrote: >>>>> As far as those who *do* package KDE (the Release Team) they have t= heir own=20 >>>>> mailing list where this idea would be better brought up (release- >>>>> team@kde.org). >>>> >>>> But I need the signature from the original authors >>>> (commiters/release-managers). >>> >>> As was said, thats technically not feasible at the moment, let alone >>> that it would increase the barrier of entry quite a bit for >>> commit-access to KDE. We're very different here in comparison to the >>> linux kernel as we have lots of people with access rights to the main= >>> repository, while in the case of the linux kernel basically only Linu= s >>> merges stuff into the mainline repository.=20 >>> >>> So signing the tarballs would be done with a KDE key by whoever does = the >>> release (thats one person usually right now). But this only covers th= e >>> trunk/KDE/kde* modules, not any extragear and other apps as those are= >>> done by other people usually. >>> >> >> Can you explain (or point me to an appropriate document) how is the >> release process done in KDE project? Who decides that you're releasing= a >> particular version at a particular time? Who builds and uploads the >> final stable tarball? Who hits the "Enter" button? >=20 > This is all done by the already-mentioned release-team on the already > mentioned release-team mailinglist. Someone proposes a release-schedule= , > its discussed and then put up on our techbase.kde.org server. Beyond > that there's no "rules" who creates/uploads the tarballs, but most of > the time its done by Dirk Mueller. This procedure however is only > applicable for the main KDE modules (trunk/KDE/*), apps from extragear > may have their own process. >=20 Fair enough -- I will write a signing process proposal and send to release-team list. However, I would appreciate if somebody could tell me how to subscribe to that list -- I just tried the usual way (sending a mail to listname-request@kde.org), but got this error: Hi. This is the qmail-send program at ktown.kde.org. I'm afraid I wasn't able to deliver your message to the following address= es. This is a permanent error; I've given up. Sorry it didn't work out. : Sorry, no mailbox here by that name. (#5.1.1) j. --------------enig8553CF6741369DB35E851920 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkv8+HkACgkQORdkotfEW84E1wCggcf+V2OiBKp6jc/6m+bXE2St 920An1KortpAp8RzLjwjIIEx2YP//cW1 =nr/o -----END PGP SIGNATURE----- --------------enig8553CF6741369DB35E851920-- --===============1976998257== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe << --===============1976998257==--