Hi George,

It would be best if someone already in the Apache web of trust you know personally, or who can meet you in person and verify your bona fides, would volunteer to sign your key. There are half a dozen people in the Mass Bay Area according to the map below [1].
By the way, there is usually a key-signing party at the ApacheCons and I'd encourage you to show up at the party and sign others' keys and request others to sign yours.
Craig

On Mar 18, 2007, at 9:07 AM, Rahul Akolkar wrote:
On 3/18/07, Gwyn Evans <[EMAIL PROTECTED]> wrote:
<snip/>
> The critical bit is getting the key fingerprint in a way where the
> provider's identity can be verified...
<snap/>

Somewhat mitigated by listing your fingerprint here [1]. So having your key on a couple of the prominent key servers and listing the fingerprint on community central is a good start within our community. For users, obtaining the KEYS and sigs from the Apache /dist space (rather than a mirror) -- as we recommend -- reduces chances of mischief. All this works OK based on the assumption that none of these ASF resources are bungled or compromised.

So, to answer the first question below: Not a must.

-Rahul

[1] http://people.apache.org/

> /Gwyn
>
> On 18/03/07, George Aroush <[EMAIL PROTECTED]> wrote:
> > Thanks Bertrand!
> >
> > All: must the key be signed by someone other than me? If so, can someone
> > from ASF do so?
> >
> > Thanks.
> >
> > -- George
> >
<snip/>
Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:[EMAIL PROTECTED]
P.S. A good JDO? O, Gasp!