Hey committers, I think all of you should create a GPG key to be able to a) sign a release b) verify the signed release (or... its signed files)
That was one of the issue (I guess caused by maven-gpg-plugin) that came up on the general list, regarding "bad signatures". If you don't know what that means, how to get a key, etc. Wendy has done a good job with the following wiki page: http://wiki.wsmoak.net/cgi-bin/wiki.pl?ReleaseSigning Thanks! Matthias -- Matthias Wessendorf http://tinyurl.com/fmywh further stuff: blog: http://jroller.com/page/mwessendorf mail: mwessendorf-at-gmail-dot-com