> But checking the signatures of apache software obviously is meaningless, since
> apache developers appears to not have their keys in the web-of-trust

Many many do :)

> So please, when you've your next Hadoop / HBase / Lucene / Apache meetings,
> take your time for a keysigning party[2].

We should have done some key signing during the buzzwords conference.
For people in Berlin: I am happy to exchange keys to get them into the
Will certainly suggest something like that for our Apache Dinners.


Reply via email to