kwin commented on issue #2: SLING-8029 Retrieve gpg key automatically if it is
missing in keyring
URL:
https://github.com/apache/sling-tooling-release/pull/2#issuecomment-431374168
For exactly this reason we only trust keys within
https://people.apache.org/keys/group/sling.asc, right?
kwin commented on issue #2: SLING-8029 Retrieve gpg key automatically if it is
missing in keyring
URL:
https://github.com/apache/sling-tooling-release/pull/2#issuecomment-430990437
If I understand correctly, we should validate if the public keys are also
listed in
