It is not an answer to your question... But I'm curious :-) How work revocation without a central certificate authority?
Gilles > -----Original Message----- > From: Xavier Hanin [mailto:[EMAIL PROTECTED] > Sent: vendredi 27 avril 2007 9:22 > To: [email protected] > Subject: Re: Signing Releases > > On 4/17/07, Stefan Bodewig <[EMAIL PROTECTED]> wrote: > > On Tue, 17 Apr 2007, Xavier Hanin <[EMAIL PROTECTED]> wrote: > > > > > So I'll generate my own key next week and try to arrange to get it > > > signed at ApacheCon. > > > > Please also upload it to the key servers. A web interface is provided > > by <http://pgpkeys.mit.edu/> for example. > > I've created my GPG key, I hope it will be ok for ApacheCon signing party. > What I've done so far: > * create the key using gpg --gen-key > * create a revocation key in case I'd need one later > * put the public key at > ** http://people.apache.org/~xavier/pub.asc > ** http://pgp.mit.edu:11371/pks/lookup?search=xavier.hanin&op=index > ** sent to Sander Temme for the key signing party > > * I've printed a page with my key fingerprint (obtained with gpg > --edit-key DE8884A0 ; fpr) to give to people at ApacheCon, and to > check information is correct at the signing party > > If you see something else I should do, please tell me! > > TIA, > > Xavier
