I don’t have google meet and I can’t use Skype since Microsoft hosed my authentication. I have zoom. My company uses Amazon Chime, which is fairly new, as part of our product offering. I’ve sent you both emails for a meeting using that.
Ralph > On Sep 20, 2020, at 1:01 PM, Matt Sicker <boa...@gmail.com> wrote: > > I sent a Google Meet invite to you. > > On Sun, 20 Sep 2020 at 14:26, Davyd McColl <dav...@gmail.com> wrote: >> >> I'm happy to be available at 8am my side, if that works for everyone else. >> It sounds like earlier would be better, but I'm doing the morning school >> run from 7am and can't guarantee I'll be back significantly before 8am. >> >> How to do this? I have zoom and slack on my work machine, can install >> Skype if that's more convenient, can do google meet, I assume, though >> haven't ever tried, so may need a bit of a crash intro. >> >> If posting meeting details to the mailing list is not on, feel free to >> email me directly (: >> >> -d >> >> >> On September 20, 2020 20:58:29 Ralph Goers <ralph.go...@dslextreme.com> >> wrote: >> >>> 8am in Durban South Africa is 11pm the night before in Phoenix AZ. >>> However, I frequently am up until midnight so that could work. 5-5:30 pm is >>> 7:30-8 am in Phoenix. I usually am not in front of my computer on a weekday >>> until 8 am but on occasion I can do earlier. >>> >>> Ralph >>> >>>> On Sep 20, 2020, at 9:46 AM, Davyd McColl <dav...@gmail.com> wrote: >>>> >>>> Any time 08h00 - 17h30 utc+2, except 13h00-14h00 (that's when I fetch my >>>> son from school) >>>> >>>> -d >>>> >>>> >>>> On September 20, 2020 18:44:19 Matt Sicker <boa...@gmail.com> wrote: >>>> >>>>> We’re not quite as strict as Debian for keys (though if you can find a >>>>> Debian group locally, they’re great for key signing). The video call idea >>>>> could work for exchanging keys. What times would you be available to do >>>>> that? >>>>> >>>>> On Sun, Sep 20, 2020 at 03:09 Davyd McColl <dav...@gmail.com> wrote: >>>>> >>>>>> Hi Ralph >>>>>> >>>>>> >>>>>> >>>>>> I think I miscommunicated: I'm not regenerating my signing key - just the >>>>>> >>>>>> nuget API key for package upload. This forces me to log in in nuget.org >>>>>> >>>>>> which has 2fa and then I only use that key on the cli for the immediate >>>>>> upload. >>>>>> >>>>>> >>>>>> >>>>>> My gpg key as at https://GitHub.com/fluffynuts.gpg is the same that I >>>>>> used >>>>>> >>>>>> last time. >>>>>> >>>>>> >>>>>> >>>>>> -d >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On September 20, 2020 09:01:36 Ralph Goers <ralph.go...@dslextreme.com> >>>>>> wrote: >>>>>> >>>>>> >>>>>> >>>>>>> In the long run you don’t want to be regenerating your signing key for >>>>>> >>>>>>> every release. The point is that you would upload the key to a central >>>>>> >>>>>>> keystore and other people would sign it there. At ApacheCon we would >>>>>> have a >>>>>> >>>>>>> key signing “party” where we recorded each others keys and then would >>>>>> take >>>>>> >>>>>>> our list and update the central keystore. When people verify the key >>>>>> they >>>>>> >>>>>>> can look at the keystore and see that it is signed by a number of >>>>>> people, >>>>>> >>>>>>> who then have their keys by a number of people and so on so you are >>>>>> >>>>>>> building a web of trust. Sooner or later there will be someone in that >>>>>> web >>>>>> >>>>>>> that you personally know and trust. >>>>>> >>>>>>> >>>>>> >>>>>>> Ralph >>>>>> >>>>>>> >>>>>> >>>>>>>> On Sep 19, 2020, at 11:26 PM, Davyd McColl <dav...@gmail.com> wrote: >>>>>> >>>>>>>> >>>>>> >>>>>>>> Thanks Matt, I've updated the artifacts on GitHub to have detached >>>>>> >>>>>>>> signatures. I had previously also uploaded my key to >>>>>>>> sks-keyservers.net, >>>>>> >>>>>> >>>>>>>> but I've also uploaded to MIT, though search there always times out. >>>>>> >>>>>>>> >>>>>> >>>>>>>> The document you've linked mentions face-to-face interactions to get my >>>>>> key >>>>>> >>>>>>>> into the official KEYS file. Not sure how many apache people are at my >>>>>> end >>>>>> >>>>>>>> of the world (Durban, South Africa), but I can do an online meeting if >>>>>> that >>>>>> >>>>>>>> helps. Last release, Ralph said I should sign, so I did. I'm new to >>>>>> signing >>>>>> >>>>>>>> release artifacts - I've generally relied on authentication during >>>>>> upload >>>>>> >>>>>>>> as verification of authenticity, with 2FA wherever possible (GitHub and >>>>>> >>>>>>>> NPM; nuget survives with an apikey - but for the last 2 releases, I've >>>>>> >>>>>>>> regenerated the key on each use and only supplied it on the cli at >>>>>> upload, >>>>>> >>>>>>>> so as not to store it locally) >>>>>> >>>>>>>> >>>>>> >>>>>>>> -d >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> On September 19, 2020 22:23:41 Matt Sicker <boa...@gmail.com> wrote: >>>>>> >>>>>>>> >>>>>> >>>>>>>>> Oh and there's a bit of an issue with the signed files: it looks like >>>>>> >>>>>>>>> you included _signed files_ rather than detached signatures. Thus, the >>>>>> >>>>>>>>> .asc files are only verifying themselves rather than the accompanying >>>>>> >>>>>>>>> file. >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> There's a --detached option in gpg for this (yeah, it's always had a >>>>>> bad UI). >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> On Sat, 19 Sep 2020 at 15:19, Matt Sicker <boa...@gmail.com> wrote: >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> The KEYS file [1] that's linked on the download page does not have >>>>>> >>>>>>>>>> your key in it. Neither does other KEYS file [2]. Check out [3] for >>>>>> >>>>>>>>>> more info. >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> [1]: https://downloads.apache.org/logging/log4net/KEYS >>>>>> >>>>>>>>>> [2]: https://downloads.apache.org/logging/KEYS >>>>>> >>>>>>>>>> [3]: https://infra.apache.org/release-signing.html#keys-policy >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> On Sat, 19 Sep 2020 at 12:48, Davyd McColl <dav...@gmail.com> wrote: >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> Thanks Matt, I've done so. Hopefully that makes it easier to verify >>>>>> >>>>>>>>>>> artifacts that I have signed. >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> -d >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> On September 18, 2020 23:11:48 Matt Sicker <boa...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>>> If you upload your key to your GitHub profile, that also makes it >>>>>> >>>>>>>>>>>> simple to find. For example, just add ".gpg" to your profile URL: >>>>>> >>>>>>>>>>>> https://github.com/fluffynuts.gpg >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> On Fri, 18 Sep 2020 at 16:08, Remko Popma <remko.po...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> +1 remko >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> On Sat, Sep 19, 2020 at 5:56 AM Matt Sicker <boa...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>> How about your gpg key? I don't think we've imported that to >>>>>> the KEYS >>>>>> >>>>>>>>>>>>>> file as far as I can tell? >>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>> On Fri, 18 Sep 2020 at 15:53, Matt Sicker <boa...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>> Oh sorry, I didn't notice that you uploaded them there >>>>>> (wasn't even >>>>>> >>>>>>>>>>>>>>> aware that it was possible to be honest). >>>>>> >>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>> On Fri, 18 Sep 2020 at 14:43, Davyd McColl <dav...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> Hi Matt >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> Release artifacts are available on the GitHub release page >>>>>> >>>>>>>>>>>>>>>> (https://GitHub.com/Apache/logging-log4net/releases) - >>>>>> expand the >>>>>> >>>>>>>>>>>>>> assets >>>>>> >>>>>>>>>>>>>>>> list if it's collapsed. >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> I'll need someone to upload them to the downloads source >>>>>> as I >>>>>> >>>>>>>>>> think I >>>>>> >>>>>>>>>>>>>> don't >>>>>> >>>>>>>>>>>>>>>> have access to do so (if I'm wrong, I'd love to be >>>>>> corrected, >>>>>> >>>>>>>>>> because >>>>>> >>>>>>>>>>>>>> I'd >>>>>> >>>>>>>>>>>>>>>> be less of an annoyance then!). Ralph has stepped in to >>>>>> help here in >>>>>> >>>>>>>>>>>>>> the past. >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> -d >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>> On September 18, 2020 20:09:07 Matt Sicker < >>>>>> boa...@gmail.com> wrote: >>>>>> >>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>> Do you have links to the release artifacts? The download >>>>>> page >>>>>> >>>>>>>>>> links >>>>>> >>>>>>>>>>>>>> to >>>>>> >>>>>>>>>>>>>>>>> the live site which doesn't have the artifacts yet since >>>>>> >>>>>>>>>> they're not >>>>>> >>>>>>>>>>>>>>>>> released yet. :) >>>>>> >>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>> On Fri, 18 Sep 2020 at 09:05, Davyd McColl >>>>>> >>>>>>>>>> <davyd.mcc...@codeo.co.za> >>>>>> >>>>>>>>>>>>>> wrote: >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>>> Hi all >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>>> I have another potential release available: 2.0.11, >>>>>> tagged as >>>>>> >>>>>>>>>>>>>> rc/2.0.11 >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>>> Changes are really minor: >>>>>> >>>>>>>>>>>>>>>>>> - fixed assembly versioning (all assemblies should >>>>>> report >>>>>> >>>>>>>>>> 2.0.11.0 >>>>>> >>>>>>>>>>>>>> as their >>>>>> >>>>>>>>>>>>>>>>>> version now) >>>>>> >>>>>>>>>>>>>>>>>> - properly dispose of StreamWriters within logging >>>>>> appenders >>>>>> >>>>>>>>>>>>>> (thanks to >>>>>> >>>>>>>>>>>>>>>>>> @NicholasNoise) >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>>> Binaries are up at >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>> https://github.com/apache/logging-log4net/releases/tag/rc%2F2.0.11 >>>>>> >>>>>>>>>>>>>> and I've >>>>>> >>>>>>>>>>>>>>>>>> pushed to asf-staging for logging, now up at >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> https://logging.staged.apache.org/log4net/download_log4net.html >>>>>> >>>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>>> Thanks >>>>>> >>>>>>>>>>>>>>>>>> -d >>>>>> >>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>>>> -- >>>>>> >>>>>>>>>>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>>> -- >>>>>> >>>>>>>>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>>> -- >>>>>> >>>>>>>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> -- >>>>>> >>>>>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> -- >>>>>> >>>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> -- >>>>>> >>>>>>>>> Matt Sicker <boa...@gmail.com> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>> Matt Sicker <boa...@gmail.com> >>> >>> > > > > -- > Matt Sicker <boa...@gmail.com> >
