I don't think it should even say WHO signed it. It already instructs users to download the KEYS file and import that file. Isn't that sufficient? As long as the artifacts are signed by someone in that KEYS file, doesn't that take care of it? Why does this page need to list someone's name?
Nick On Feb 21, 2014, at 9:39 AM, Gary Gregory wrote: > On Fri, Feb 21, 2014 at 12:13 AM, Ralph Goers <ralph.go...@dslextreme.com> > wrote: > The download page - http://logging.apache.org/log4j/2.x/download.html - lists > the artifacts for the latest release. However, it says it was signed by me > with my key. The page needs to be updated to reflect that it was signed by > Nick. > > Ralph > > Can that be driven by the POM somehow? > > Gary > > > > -- > E-Mail: garydgreg...@gmail.com | ggreg...@apache.org > Java Persistence with Hibernate, Second Edition > JUnit in Action, Second Edition > Spring Batch in Action > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory
smime.p7s
Description: S/MIME cryptographic signature