lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Muir <rcm...@gmail.com>
Subject Re: Please get your gpg keys signed!
Date Fri, 25 Jun 2010 11:36:44 GMT
On Fri, Jun 25, 2010 at 5:29 AM, Thomas Koch <thomas@koch.ro> wrote:
>
> But checking the signatures of apache software obviously is meaningless,
> since
> apache developers appears to not have their keys in the web-of-trust. From
> three signature files I had laying around on my hard disc, all three keys
> had
> zero signatures on the MIT keyserver:
>
>
are you sure you know how to verify keys? please read the manual before
cross-posting to this many mailing lists.

for example, Grant's key is definitely signed. i know because i signed it
myself:

pub  4096R/FE045966 2009-10-13

uid Grant Ingersoll (CODE SIGNING KEY) <gsingers@apache.org>
sig  sig3  FE045966 2009-10-13 __________ __________ [selfsig]
sig  sig   A867E8B1 2009-10-13 __________ __________ Grant Ingersoll (CODE
SIGNING KEY) <gsingers@apache.org>
sig  sig   3396054D 2009-11-05 __________ __________ Robert Muir (Code
Signing Key) <rmuir@apache.org>
sig  sig   ECA39416 2009-11-05 __________ __________ Simon Willnauer (Code
Signing Key) <simonw@apache.org>
sig  sig   C09FB546 2009-11-05 __________ __________ Isabel Drost (Apache
release signing key) <isabel@apache.org>
sig  sig   0C0885B4 2009-11-05 __________ __________ Isabel Drost <
idrost@htwm.de>
sig  sig   E1EE085F 2009-11-05 __________ __________ Uwe Schindler (CODE
SIGNING KEY) <uschindler@apache.org>

*
*
-- 
Robert Muir
rcmuir@gmail.com

Mime
View raw message