> But checking the signatures of apache software obviously is meaningless, since
> apache developers appears to not have their keys in the web-of-trust
Many many do :)
> So please, when you've your next Hadoop / HBase / Lucene / Apache meetings,
> take your time for a keysigning party.
We should have done some key signing during the buzzwords conference.
For people in Berlin: I am happy to exchange keys to get them into the
Will certainly suggest something like that for our Apache Dinners.