Hi Suresh, Thanks for the feedback.
On Thu, Oct 24, 2013 at 7:17 PM, Suresh Marru <[email protected]> wrote: > Hi All, > > I do not see any discussion on the release discuss thread. I have a > question to the 9 PPMC votes, what all did you verify? It is a good > practice to send them to the DISCUSS thread your testing process and what > you found. For this release, there is an issue with the key trust, and the > PPMC should have very well caught it if you spent 5 minutes to verify the > vote while not waiting for the mentors to catch it. > > Lahiru, > > I quickly tried to verify the signatures and I see this: > > gpg: Signature made Tue Oct 15 05:59:28 2013 EDT using RSA key ID 44BBC719 > gpg: Good signature from "Lahiru Sandaruwan (Opensource GPG key) < > [email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: 7746 771D C310 AC50 4A12 CAE9 B01D E39C 44BB C719 > > I am sure you will raise some eye brows on the general vote. Can you get > your key signed by existing Apache committers who are within Apache web of > trust? > Sure. will get my key verified by someone within Apache web of trust. Thanks. > > See [1] for explanation and mitigation about this warning. > > Cheers, > Suresh > [1] - http://www.apache.org/info/verification.html -- -- Lahiru Sandaruwan Software Engineer, Platform Technologies, WSO2 Inc., http://wso2.com lean.enterprise.middleware email: [email protected] cell: (+94) 773 325 954 blog: http://lahiruwrites.blogspot.com/ twitter: http://twitter.com/lahirus linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
