commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: [general] signing releases.
Date Wed, 14 Jul 2004 12:55:27 GMT

I'm not sure you need your key "confirmed."  I sign tomcat releases with
my key and have had users verify the signatures without a problem, even
though I never took extra steps to register my key anywhere or otherwise
"confirm" it.

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: Gary Gregory []
>Sent: Tuesday, July 13, 2004 6:39 PM
>To: Jakarta Commons Developers List
>Subject: [general] signing releases.
>I am going through the steps [1] to release Commons-Codec 1.3 and I am
>wondering at how strictly other components have been following the
>WRT signing.
>In particular, in step 8 "Verify signatures.", I get the same results
>for my local copy of codec 1.3 as for lang 2.0 when I do the following:
># gpg --verify commons-lang-2.0.tar.gz.asc commons-lang-2.0.tar.gz
>gpg: Signature made Mon 01 Sep 2003 06:34:22 PM PDT using DSA key ID
>gpg: Good signature from "Henri Yandell (For signing Apache
>distributions) "
>gpg: checking the trustdb
>gpg: no ultimately trusted keys found
>gpg: WARNING: This key is not certified with a trusted signature!
>gpg:          There is no indication that the signature belongs to the
>Primary key fingerprint: CEF6 F51A E081 BA36 7763  52F2 5094 C55A 61F3
>So, is this good enough even with the WARNING?
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message