This is mainly for Norman, but maybe also others have an answer for me. I just verified that Norman's Key in our KEYS file (http://www.apache.org/dist/james/KEYS) is not updated. The KEY present in that file has not been signed by anyone but "self-signed". Instead on public pgp servers I can find the same key signed by Noel, Joachim and someone else.
Do we need to update the KEYS file to have only keys signed by ASF trusted signers or we can leave this tasks to people wanting to verify the web-of-trust? Stefano --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
