>> http://people.apache.org/~grobmeier/test/grobmeier-codesigning.pub > > Thanks, that has allowed me to check the signature. Validates OK.
Cool! > However I was unable to download the key from a keyserver - maybe > there was a problem with the server I was using. Strange... I uploaded it to: pgp.mit.edu and to subkeys.pgp.net Its available by webinterface from mit, but not from pgg.net. >> > It will need to be added to KEYS at some point if you are to use it. >> >> Yes. I didn't understood when a key is beeing considered "trusted" at apache. > > See: http://www.apache.org/dev/release-signing.html > In theory, all ASF keys should be connected in a web of trust, however > that is not the case. OK. Thats the point which confused me. > But at least if your key is in the KEYS file it shows that it was > trusted by the person updating the file, and that person must have had > commit access. OK, I will add my key to the KEYS file then and go ahead :-) Thanks for your help! Christian --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
