I want to offer a bit of improvement for the release validation process. For those of you in Saint-Petersburg I'd suggest we get together and do GPG key-signing party: I am going to be there on the week of May 25th. My GPG key is verified by a number of Apache folks, so having me signing your keys would help to establish some minimal web of trust.
We might make it go smoothly with a couple of beers ;) Cos
