commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Grobmeier <>
Subject Re: [releasing] PGP keys for code signing
Date Wed, 06 May 2009 12:29:53 GMT
> Thanks, that has allowed me to check the signature. Validates OK.


> However I was unable to download the key from a keyserver - maybe
> there was a problem with the server I was using.

Strange... I uploaded it to: and to
Its available by webinterface from mit, but not from

>>  > It will need to be added to KEYS at some point if you are to use it.
>> Yes. I didn't understood when a key is beeing considered "trusted" at apache.
> See:
> In theory, all ASF keys should be connected in a web of trust, however
> that is not the case.

OK. Thats the point which confused me.

> But at least if your key is in the KEYS file it shows that it was
> trusted by the person updating the file, and that person must have had
> commit access.

OK, I will add my key to the KEYS file then and go ahead :-)
Thanks for your help!


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message