corinthia-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Kelly <>
Subject Re: [DISCUSS][PRE-VOTE] Release candidate 0.1
Date Fri, 14 Aug 2015 17:42:17 GMT
> On 15 Aug 2015, at 12:34 am, Dennis E. Hamilton <> wrote:
> I think it looks good to you because you signed it and you have the public key.
> I obviously do not have the public key of the signer.
> Furthermore, nowhere am I told that I need yours.  I am reviewing this as someone who
is not on the project.  

My understanding is that you *are* on the project - these release candidates are intended
for people who are on the project.

Even if someone were not on the project, I don’t think it’s an unreasonable stretch to
assume that Jan is the signer, or that at minimum a verification could be attempted using
his public key.

> Somewhere, it must be specified what public key is needed and how to obtain it from a
safe place.  That is what I am asking for.  

Jan and I have both now given you this information.

> What is the information that an outsider needs in order to know who is the release manager/signer
is and how to find an authentic public key for that committer?
> When that information is provided, I can proceed with any review of the source zip.

The name of the person posting the release candidates, as can be seen from the mailing list,
is Jan Iverson. This person’s email address is, which implies that his Apache
ID is jani. The ASF maintains the public keys of all committers at,
where each file has the name of the username. Therefore Jan’s key, and by extension the
key with which the release candidate was signed, is available at

Dr Peter M. Kelly

PGP key: <>
(fingerprint 5435 6718 59F0 DD1F BFA0 5E46 2523 BAA1 44AE 2966)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message