Re: [eclipse.org-planning-council] September call

[Jonah Graham <jonah@xxxxxxxxxxxxxxxx>]

Hi Mélanie and fellow planning council members,

Unfortunately tomorrow (Monday) is a holiday here and I cannot attend the meeting. I don't think I have too much unique experience in this case.

For the technical aspect of signing, IMHO the planning council should mandate that one of the methods that the Eclipse Platform (p2?) supports must be used to meet the requirement  "Build artifacts made available at the Eclipse Foundation are verifiably the ones built by respective projects." and that as the Eclipse Platform (p2?) adds new methods of doing such verification, that SimRel should allow them. In practice (IIUC) for now that means jarsigning as it has always been done, but if and when GPG signing is implemented, then that could be used by projects instead. That would allow new methods of verifying as the Eclipse project evolves.

On the technical aspects of GPG, there is the question of maintaining a keyring or other web of trust. The EF already manages some GPG keys for projects.

Sorry I cannot attend the meeting,

Jonah

~~~
Jonah Graham
Kichwa Coders
www.kichwacoders.com

On Tue, 31 Aug 2021 at 11:29, Mélanie Bats <melanie.bats@xxxxxxx> wrote:

Thanks all for your quick answer!

I moved it to monday 6th at 16:30 as I would like to clarify this point
with all of you before the next WG meeting which occurs on tuesday 7th.

Best regards,
--
Mélanie Bats
CTO
+33 7 87 69 42 84
@melaniebats

*Obeo*
25 Boulevard Victor Hugo - Colomiers - France
http://www.obeo.fr
_______________________________________________
eclipse.org-planning-council mailing list
eclipse.org-planning-council@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/eclipse.org-planning-council