On Wed, Jan 19, 2011 at 2:56 AM, Atsuhiko Yamanaka <[email protected]> wrote: > Hi again, > > +-From: [email protected] (Atsuhiko Yamanaka) -- > |_Date: Tue, 18 Jan 2011 21:00:09 +0900 ______ > | > |Now, *.asc files have been placed under > | http://jsch.sourceforge.net/maven2/com/jcraft/jsch/0.1.44/jsch-0.1.44.pom > | |The <URL> tag which points to jcraft.com should have the public GPG > | |key that is used to sign the project build on the website in addition > | |to the sf.net project page. They like to prove ownership of the > | |domain/project by being able to download the GPG key from it. > |, but I have not understood how to allow to download the GPG public key. > |I have referred to your pom file(chopchophttpclient-1.0.1.pom), > |but it seems there is not a tag for the public GPG key in it. > > FYI, I have distributed our public key to hkp://pgp.mit.edu , > and you will be get it with > $ gpg --keyserver hkp://pgp.mit.edu --recv-keys CA7FA1F0 > > > Sincerely, > -- > Atsuhiko Yamanaka > JCraft,Inc. > 1-14-20 HONCHO AOBA-KU, > SENDAI, MIYAGI 980-0014 Japan. > Tel +81-22-723-2150 > +1-415-578-3454 > Skype callto://jcraft/ > Twitter: http://twitter.com/ymnk >
You'll want to put the GPG public key info on the website http://www.jcraft.com/jsch/ as proof of ownership of the key to Maven Central. You could just quote the following on the page: Our public key is located on hkp://pgp.mit.edu , and you will be get it with $ gpg --keyserver hkp://pgp.mit.edu --recv-keys CA7FA1F0 ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ JSch-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jsch-users
