Hi, First, thank you for making Jackson!
I noticed while upgrading to a newer version of Jackson that the key used to sign releases changed with release 2.11.2. I checked the release notes, bud didn't see any mention of the change in keys. The problem is that I can't find the public key anywhere, which leaves me unable to verify the releases are authentic. So my question is threefold: 1. Who owns 0x8A10792983023D5D14C93B488D7F1BEC1E2ECAE7 ? 2. Is that key authorized to make Jackson releases? 3. Can you publish it? Either to a key server such as http://keyserver.ubuntu.com/ or following Apache's model to a KEYS file in your git repository. Or both would be even better so that it is easy to access via a standard protocol and it is clear that it is authorized to make releases for the Jackson project. Best Regards, Evan -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/15be318d87d07640591f0cdd884f85d88a1af707.camel%40nrl.navy.mil.
smime.p7s
Description: S/MIME cryptographic signature
