Hi, First, thank you for making Jackson!
I noticed while upgrading to a newer version of Jackson that the key used to sign releases changed with release 2.11.2. I checked the release notes, bud didn't see any mention of the change in keys. The problem is that I can't find the public key anywhere, which leaves me unable to verify the releases are authentic. So my question is threefold: 1. Who owns 0x8A10792983023D5D14C93B488D7F1BEC1E2ECAE7 ? 2. Is that key authorized to make Jackson releases? 3. Can you publish it? Either to a key server such as http://keyserver.ubuntu.com/ or following Apache's model to a KEYS file in your git repository. Or both would be even better so that it is easy to access via a standard protocol and it is clear that it is authorized to make releases for the Jackson project. Best Regards, Evan PS Apologies if this is a duplicate post. I didn't see the email I sent arrive to the list. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/bd749787-60f9-45f9-b682-8cbe67de34e3n%40googlegroups.com.
