Thomas, are you attending the summit? There are a number of contributor
workshops the day after, all at (or around) the same location. If you
feel strongly about this consider attending them, seems like great
opportunity for a "key signing party".
http://www.meetup.com/Hadoop-Contributors/calen
> But checking the signatures of apache software obviously is meaningless, since
> apache developers appears to not have their keys in the web-of-trust
Many many do :)
> So please, when you've your next Hadoop / HBase / Lucene / Apache meetings,
> take your time for a keysigning party[2].
We sho
Hi,
I just wanted to package the new HBase version and since I've just recently
read about a malicious software tarball for some Linux IRC server[1], I got
back to the habbit of checking signatures. (Yes, I was lazy recently. I'm
ashamed.)
But checking the signatures of apache software obvious
