Hi Niclas, It's not in the binaries but it's in the source distribution. Our KEYS file is at the root of the project source tree ([1]). It still doesn't include everybody's signature (unfortunately) but there are at least a couple ones. As I've used mine to sign the release, I've made sure that it was published to PGP server(s).
Including it in binary releases as well is easy enough and I'll add a link to it on our download page. If a few other committers can add their keys, I think we'd be set. Thanks! Matthieu [1] http://svn.apache.org/repos/asf/incubator/ode/trunk/KEYS On 6/11/07, Niclas Hedhman <[EMAIL PROTECTED]> wrote:
I am looking at the release of ODE 1.0-incubating. The release doesn't include the KEYS file, which isn't a requirement, but I would like to see; 1. The official KEYS file downloadable from the website. 2. The keys in the file to be uploaded to PGP server(s). See http://www.apache.org/dev/release-signing.html for all the details around signing releases. Later, when you have an opportunity to exchange public keys with other Apache committers, such as ApacheCon, JavaOne or just 'happen to meet', then be involved in the Apache Web of Trust. Henk Penning is one of the drivers in the PGP awareness at Apache and take a look at his Apache home page; http://people.apache.org/~henkp/ Cheers -- Niclas Hedhman, Software Developer I live here; http://tinyurl.com/2qq9er I work here; http://tinyurl.com/2ymelc I relax here; http://tinyurl.com/2cgsug
