I am looking at the release of ODE 1.0-incubating. The release doesn't include the KEYS file, which isn't a requirement, but I would like to see;
1. The official KEYS file downloadable from the website. 2. The keys in the file to be uploaded to PGP server(s). See http://www.apache.org/dev/release-signing.html for all the details around signing releases. Later, when you have an opportunity to exchange public keys with other Apache committers, such as ApacheCon, JavaOne or just 'happen to meet', then be involved in the Apache Web of Trust. Henk Penning is one of the drivers in the PGP awareness at Apache and take a look at his Apache home page; http://people.apache.org/~henkp/ Cheers -- Niclas Hedhman, Software Developer I live here; http://tinyurl.com/2qq9er I work here; http://tinyurl.com/2ymelc I relax here; http://tinyurl.com/2cgsug
