As Andrew notes in the current VOTE thread for DataFusion 8.0.0-rc2, there is an issue with the key I used to sign the release:
gpg: Good signature from "Andy Grove <[email protected]>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the I found the current documentation a little lacking so could use some guidance on what I need to do, and I can then better document this in the repo. The KEYS file has this header: Users: pgp < KEYS gpg --import KEYS Developers: pgp -kxa <your name> and append it to this file. (pgpk -ll <your name> && pgpk -xa <your name>) >> this file. (gpg --list-sigs <your name> && gpg --armor --export <your name>) >> this file. Was I supposed to run both the pgp and gpg commands in the developer section? I perhaps naively assumed these were alternate options and I just ran the following: (gpg --list-sigs "Andy Grove" && gpg --armor --export "Andy Grove") >> KEYS svn commit KEYS -m "Add key for Andy Grove" Also, It wasn't immediately obvious to me how to install "pgpk" on Ubuntu. Were there other steps that I have missed? Thanks, Andy.
