On Dec 20, 2007, at 15:50, Frank Barnaby wrote:
On Dec 20, 2007, at 12:59, Craig L Russell wrote:
Hi,
I had a brief look at the release, and huge progress is evident.
RAT had nothing but good things to say about both the src and bin
release packages. As we discussed earlier, the .css, .mf, and
package-list files should probably be reported as RAT issues since
we might assume that there is no IP of significance there.
The signatures check out, with only a mild warning:
gpg: Good signature from "Frank Barnaby (CODE SIGNING KEY) <[EMAIL PROTECTED]
>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to
the owner.
I noticed that too and have been working on it. I've already edited
my key to "trust" myself and have uploaded the key to a public key-
server. I've also been reading up on webs of trust, so I should
have the trust issue ironed out soon enough.
This just means that Frank should endeavor to have his key signed
by some trusted folks in Apache. This is not an issue for an
incubating release, just something to work on.
I assisted Jim H. create a key and then sign my key. My local testing
shows no more warnings, but it would be helpful to have someone else
verify.
Frank
