On 06/05/2009, Christian Grobmeier <[email protected]> wrote: > > Can you upload the public key? > > > http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub >
Thanks, that has allowed me to check the signature. Validates OK. However I was unable to download the key from a keyserver - maybe there was a problem with the server I was using. > > It will need to be added to KEYS at some point if you are to use it. > > > Yes. I didn't understood when a key is beeing considered "trusted" at apache. See: http://www.apache.org/dev/release-signing.html In theory, all ASF keys should be connected in a web of trust, however that is not the case. But at least if your key is in the KEYS file it shows that it was trusted by the person updating the file, and that person must have had commit access. > Meanwhile I think there is not such a policy. However, key should work > now for most key servers and is now signed by CACert and by another > guy. > > If I need more actions... pleae let me know. Otherwise I will commit > it to our keys file in the next days. > > Cheers + thanks, > > Christian > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
