Hi Nick,

2017-04-30 1:23 GMT+02:00 Nick Kew <niq@apache.org>:
I've made some updates to our PGP verification page.
They can be seen at

The reasons for updating it is that the old instructions
had become dangerously outdated, by virtue of using
32-bit keys as if they were secure.  As discussed in my
recent blog article at

Comment solicited.  I tried to preserve the shape of
the original with minimum change to introduce the reality
of 32-bit spoofing.

Looks really good, thanks for doing it.