On Dec 18, 2007, at 21:58, Jukka Zitting wrote:
Hi,
On Dec 19, 2007 3:22 AM, Frank Barnaby <[EMAIL PROTECTED]> wrote:
I was under the impression that GPG is only a recommendation and
not a
requirement. I'm certainly not the expert here, so I'm eager to
receive opinions from those with experience in this area.
The subject came up a few months back on the Incubator mailing list
and was actually even raised on the board level. See the following
threads:
http://markmail.org/message/nk75xyihcxy7ize4
http://markmail.org/message/c2ex75cfiaizyq55
See also http://www.apache.org/dev/release-signing.html#policy for the
non-normative policy (i.e. a recommendation :-) on release signing.
Thanks Zukka. The part of that policy that I overlooked is the
requirement that the detached signature must be OpenPGP compatible.
From what I've read so far, jarsigner does not seem to be OpenPGP
compatible.
Regardless, I finally got GnuPG working and am now generating detached
signature files--life is good!
Frank
BR,
Jukka Zitting
