Excellent, that will strengthen the ties to the crowd via Carsten. http://www.apache.org/~henkp/trust/apache.html
Carsten, Sylvain ...looks like you did not yet sign and/or update the keys on pgp.mit.edu?
What is it for?
So that people can verify the integrity of our releases.
...because not everyone knows our keys are at pgp.mit.edu we ship them ...I see
Oh no! I just realised that the Cocoon download page does not promote the use of keys or md5sum at all.
See Forrest download for explanation. We investigated lots of other Apache projects to then build our download facility. http://forrest.apache.org/mirrors.cgi
Henk's pages use each project's KEYS file:
[1] http://www.apache.org/~henkp/trust/apache.html [2] http://www.apache.org/~henkp/ => Integrity
ah... ok!
Thanks for the explanation :) -- Torsten
