On 3/17/07, George Aroush <[EMAIL PROTECTED]> wrote:
... I generated the MD5 and SHA file based on: http://www.apache.org/dev/release-signing.html#md5 using the commands: $ gpg --print-md MD5 [fileName] > [fileName].md5..
I'll let others comment as to whether this is a usually accepted format. I have the impression that I've always seen keys in the md5 or md5sum format. i.e. what you'd get running: md5sum [fileName] > [fileName].md5 But I don't know if this is a requirement of the ASF. (the command is sometimes named md5, not md5sum, depending on your platform)
...As for your comment about the ASC file, I'm not sure what you mean by "your key hasn't been signed by anyone"? Can you tell me how to fix it if this is a problem?..
People doing releases try to have their PGP keys signed by other ASF people, in order to build a web of trust, see http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html for more info, or Henk's pages at http://people.apache.org/~henkp/trust/ I don't think a key that is not signed by others is a problem w.r.t. doing releases, but if you can get it signed at some point it's better IMHO. -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
