HI, On Fri, Oct 5, 2012 at 3:15 PM, Daniel Shahaf <[email protected]> wrote: > Downloading keys from https://www.apache.org/dist/ or > https://people.apache.org/keys/ is good enough enough for users who > trust root@ and Thawte.
+1 It's good to recommend people to get their keys signed by someone in the Apache web of trust and I think we could do more in that area, but having a key available on an apache.org server seems like a good enough fallback until the key gets signed. BR, Jukka Zitting --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
