2009/5/6 Rahul Akolkar <[email protected]> > On Wed, May 6, 2009 at 10:43 AM, Craig L Russell <[email protected]> > wrote: > > Much better! > > > <snip/> > > [CraigRussell:~/Downloads] clr% gpg --verify > > commons-chain-1.2-bin.tar.gz.asc > > gpg: Signature made Tue May 5 22:13:09 2009 PDT using DSA key ID > 42196CA8 > > gpg: Good signature from "Christian Grobmeier (Apache Codesigning) > > <[email protected]>" > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > > owner. > > Primary key fingerprint: 9D23 5338 96A9 7847 0358 5B62 86E0 2C5A 4219 > 6CA8 > > > > I'd vote for this signature being valid to sign releases. Only incubator > > releases right now, since it hasn't been signed by the Apache WOT. That > can > > be fixed at a Sign-a-Thon. ;-) > > > <snap/> > > I'd vote for Apache Commons releases signed by any key thats in the > KEYS file (regardless of WOT status -- keysigning would be good and is > encouraged, but isn't a blocker).
+1 Cheers, Dave
