The release script will sign the final Allura release file with PGP. Its another way in addition to md5 and sha1 checks to know the release is official. With PGP keys you can sign each others keys and form a "web of trust" too.
Can you put your public key fingerprint on your account at https://id.apache.org/ ? Then it will show up at http://people.apache.org/keys/group/allura.asc And I think we'll want to copy it to http://www.apache.org/dist/allura/KEYS manually too. Then people will know your key is part of the Allura project. On 11/9/16 11:08 AM, Pranav Sharma wrote: > Hi, > > I have set up PGP keys (locally and on mit pgp server server) as required, > in the release page, but was wondering what if the actual use for it? > Though I know that they are used to encrypt emails. > > Thanks. > -- Dave Brondsema : d...@brondsema.net http://www.brondsema.net : personal http://www.splike.com : programming <><
