Hi, > I still don't get it, but if it's good enough for Apache, it better be > good enough for me, right?
Well if you look up your key it tell me who you are are but there's no one who backs up that claim. http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x00397EFE935E15AF If you look up me you see there's a few people who can confirm who I say am I. http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xE0F28593AEEAD151 One or two of them you may know and perhaps trust, but if you don't trust any of them then you're not going to trust who I say I am. It's not a big deal, as only committers can make releases and it's fairly easy to verify who is a committer and their key. http://people.apache.org/list_M.html#jmclean Although I don't see you on that list you're on this one: http://people.apache.org/committer-index.html#erikdebruin Justin
