On Sat, Oct 3, 2009 at 3:34 AM, Paul Lindner <lind...@inuus.com> wrote: > Hi, > Over in the shindig podling we've been working on our 1.1 release. During > the voting process it was mentioned that my gpg key is not part of the > apache web of trust. > > * We have the +1s for shindig-1.1-BETA3, does this signature problem > disqualify the release?
IMHO, No it doesn't. What you should ensure is that the key used for the signing is both committed to the SVN, uploaded to pgp.mit.edu (and other if possible) and that the finger print is published on the official website. > * I'd appreciate any/all help getting my gpg key signed by the proper people > so we can get a release out asap -- this 1.1 release has been a long time > coming. Once we get over this hurdle we feel we'll be close to graduating. Cross-signing of keys should happen in person, where identity can be ensured. If there are people you know really well, a phone call where the other part can recognize your voice, preferably being the one calling you up on a well-known phone number, to transfer the fingerprint info... Cheers -- Niclas Hedhman, Software Developer http://www.qi4j.org - New Energy for Java I live here; http://tinyurl.com/2qq9er I work here; http://tinyurl.com/2ymelc I relax here; http://tinyurl.com/2cgsug --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
