commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Grobmeier <grobme...@gmail.com>
Subject Re: [releasing] PGP keys for code signing
Date Wed, 06 May 2009 12:29:53 GMT
>> http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub
>
> Thanks, that has allowed me to check the signature. Validates OK.

Cool!

> However I was unable to download the key from a keyserver - maybe
> there was a problem with the server I was using.

Strange... I uploaded it to: pgp.mit.edu and to subkeys.pgp.net
Its available by webinterface from mit, but not from pgg.net.

>>  > It will need to be added to KEYS at some point if you are to use it.
>>
>> Yes. I didn't understood when a key is beeing considered "trusted" at apache.
>
> See:  http://www.apache.org/dev/release-signing.html
> In theory, all ASF keys should be connected in a web of trust, however
> that is not the case.

OK. Thats the point which confused me.

> But at least if your key is in the KEYS file it shows that it was
> trusted by the person updating the file, and that person must have had
> commit access.

OK, I will add my key to the KEYS file then and go ahead :-)
Thanks for your help!

Christian

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message