lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Koch <tho...@koch.ro>
Subject Re: Please get your gpg keys signed!
Date Fri, 25 Jun 2010 12:53:41 GMT
Robert Muir:
> On Fri, Jun 25, 2010 at 5:29 AM, Thomas Koch <thomas@koch.ro> wrote:
> > But checking the signatures of apache software obviously is meaningless,
> > since
> > apache developers appears to not have their keys in the web-of-trust.
> > From three signature files I had laying around on my hard disc, all
> > three keys had
> 
> > zero signatures on the MIT keyserver:
> are you sure you know how to verify keys? please read the manual before
> cross-posting to this many mailing lists.
> 
> for example, Grant's key is definitely signed. i know because i signed it
> myself:
> 
> pub  4096R/FE045966 2009-10-13
> 
> uid Grant Ingersoll (CODE SIGNING KEY) <gsingers@apache.org>
> sig  sig3  FE045966 2009-10-13 __________ __________ [selfsig]
> sig  sig   A867E8B1 2009-10-13 __________ __________ Grant Ingersoll (CODE
> SIGNING KEY) <gsingers@apache.org>
> sig  sig   3396054D 2009-11-05 __________ __________ Robert Muir (Code
> Signing Key) <rmuir@apache.org>
> sig  sig   ECA39416 2009-11-05 __________ __________ Simon Willnauer (Code
> Signing Key) <simonw@apache.org>
> sig  sig   C09FB546 2009-11-05 __________ __________ Isabel Drost (Apache
> release signing key) <isabel@apache.org>
> sig  sig   0C0885B4 2009-11-05 __________ __________ Isabel Drost <
> idrost@htwm.de>
> sig  sig   E1EE085F 2009-11-05 __________ __________ Uwe Schindler (CODE
> SIGNING KEY) <uschindler@apache.org>
> 
> *
> *

Hallo Robert,

You're right with Grant and I'm sorry for have been confused by the 
webinterface of the keyserver. However after double checking with the pgp.net 
keyserver I still don't find any signatures for M. Stack and P. Hunt.

And even the four signatures on Grant's key don't help much because they seem 
to form a disconnected cluster of Andi Vajda, Isabel Drost, Michael Busch, 
Robert Muir, Simon Willnauer and Uwe Schindler without any signature coming in 
from the outside. - Isabel once had a very good signed key, but this has 
expired.

The goal would be, that the apache keys would somehow interconnect with some 
Debian keys:

http://people.debian.org/~weasel/weboftrust/

Many of the keys in the Debian Keyring have hundrets of signatures. It may 
well be, that the Apache Keyring can get as strong as the Debian Keyring after 
only two or three Apache Conferences.

Best regards,

Thomas Koch, http://www.koch.ro

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message