Hi, I just realised that when I generated the signatures for the .tar.gz and .zip distribution bundles, I gave gpg the wrong flags.
The ".asc" files are actually signed versions of the *whole file*, not a detached signature. oops. These are actually valid signatures, in that they can only be decoded to a proper copy of the appropriate file via my public key. But they are a little larger than necessary.. I have resigned the original released jars properly, and updated the distribution directories. As the actual released jars have not been modified in any way this seems ok. Please let me know if there are any objections. The files in the maven repo are fine. Regards, Simon
