Hi Julian, I totally understand the concept of web-of-trust and your meaning of face-to-face. I'll try to find someone in my company to verify me+key face to face to make it trustable. Thank you for your pointing out!
Michael On Fri, Jul 8, 2016 at 12:31 PM, Julian Hyde <[email protected]> wrote: > These things are best done face-to-face. > > Think about it: the purpose of a signed public key is so that I can be > absolutely sure that it was you who signed the release. Not someone who > gained temporary access to your email address. > > Is there someone in your company who is in the web of trust? Are you going > to a conference or meetup sometime soon? > > Julian > > > > > On Jul 7, 2016, at 9:22 PM, Michael Wu <[email protected]> wrote: > > > > Hi dev group, > > > > Could anyone that has certified gpg key help sign my gpg pub-key, please? > > > > My public key is at: http://people.apache.org/keys/committer/mw.asc > > My apache email address is: [email protected] > > > > Anything else has to be provided, please do let me know. Thanks! > > > > Michael > >
