From: Thomas Koch
Reply-To: thomas@koch.ro
To: general@hadoop.apache.org, dev@hbase.apache.org, java-dev@lucene.apache.org, zookeeper-dev@hadoop.apache.org
Subject: Please get your gpg keys signed!
Date: Fri, 25 Jun 2010 11:29:55 +0200
Message-Id: <201006251129.56899.thomas@koch.ro>

Hi,

I just wanted to package the new HBase version and since I've just recently read about a malicious software tarball for some Linux IRC server[1], I got back to the habit of checking signatures. (Yes, I was lazy recently. I'm ashamed.)

But checking the signatures of Apache software obviously is meaningless, since Apache developers appear to not have their keys in the web-of-trust. From three signature files I had lying around on my hard disc, all three keys had zero signatures on the MIT keyserver:

    30CD0996 2010-05-03 Michael Stack
    68E327C1 2008-10-22 Patrick Hunt
    FE045966 2009-10-13 Grant Ingersoll

So please, when you've your next Hadoop / HBase / Lucene / Apache meetings, take your time for a keysigning party[2]. Or just have some snippet with your key's fingerprint in your wallet and hand it to every other geek you meet. (And make sure he asks you for your ID card to check your identity!)

It's also nice to have your gpg fingerprint on your business cards!

[1] http://www.sophos.com/blogs/chetw/g/2010/06/12/linux-malware-rears-ugly-head/
[2] http://en.wikipedia.org/wiki/Key_signing_party

Thank you!

Thomas Koch, http://www.koch.ro
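The check the message describes (how many other people have certified a release key), as an added example that is not part of the original e-mail: it counts distinct third-party certifications per key in the machine-readable output of `gpg --with-colons --list-sigs`. The function names, key IDs and user IDs in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: count distinct third-party certifications on each primary key.
# A count of 0 means the key carries only self-signatures, so a "good
# signature" from it proves nothing about who owns the key.
# Limitation: revocation records (rev) are ignored, so a revoked
# certification is still counted.

count_third_party_sigs() {
    awk -F: '
        $1 == "pub" { key = $5; order[++n] = key; count[key] = 0 }
        $1 == "sig" && key != "" {
            signer = $5                      # field 5: key ID that made the signature
            if (signer == key) next          # self-signature or subkey binding
            if ($11 !~ /^1[0-3]/) next       # field 11: keep certification classes 0x10-0x13
            if (!((key, signer) in seen)) {  # count each signer once per key
                seen[key, signer] = 1
                count[key]++
            }
        }
        END { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# Constructed sample listing (all key IDs and names are made up).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:AAAAAAAAAAAAAA01:1272844800:::-:::scESC:
uid:-::::1272844800::X::Example Releaser <releaser@example.org>:
sig:::1:AAAAAAAAAAAAAA01:1272844800::::Example Releaser <releaser@example.org>:13x:
sub:-:4096:1:AAAAAAAAAAAAAA02:1272844800::::::e:
sig:::1:AAAAAAAAAAAAAA01:1272844800::::Example Releaser <releaser@example.org>:18x:
pub:-:4096:1:BBBBBBBBBBBBBB01:1224633600:::-:::scESC:
uid:-::::1224633600::Y::Example Committer <committer@example.org>:
sig:::1:BBBBBBBBBBBBBB01:1224633600::::Example Committer <committer@example.org>:13x:
sig:::1:CCCCCCCCCCCCCC01:1230000000::::Example Signer One <one@example.org>:10x:
sig:::1:CCCCCCCCCCCCCC01:1240000000::::Example Signer One <one@example.org>:13x:
sig:::1:DDDDDDDDDDDDDD01:1250000000::::[User ID not found]:10x:
EOF
}

# Real use (assumes the key is already in the local keyring):
#   gpg --with-colons --list-sigs KEYID | count_third_party_sigs
sample_listing | count_third_party_sigs
```

A certification from a signer whose own key you have not verified still adds no trust; the count is a lower bar, not a trust decision.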