Torsten Curdt wrote: > > So how did the key signing go at the GetTogether? > > Did go well :-) > > At least Bertrand, Carsten, Marcus, Sylvain and me signed keys.
Excellent, that will strengthen the ties to the crowd via Carsten. http://www.apache.org/~henkp/trust/apache.html > > Did you also update the KEYS file in our cocoon SVN? > > Ups ...didn't know we have such a file :-) > > What is it for? So that people can verify the integrity of our releases. Oh no! I just realised that the Cocoon download page does not promote the use of keys or md5sum at all. See Forrest download for explanation. We investigated lots of other Apache projects to then build our download facility. http://forrest.apache.org/mirrors.cgi Henk's pages use each project's KEYS file: [1] http://www.apache.org/~henkp/trust/apache.html [2] http://www.apache.org/~henkp/ => Integrity -- David Crossley
