Hi, I'm about to transition to a stronger PGP key and I reviewed quickly the keys used by the Commons committers (from http://www.apache.org/dist/commons/KEYS). There are currently 67 keys, 11 keys have a length of 4096 bits or more, and only 5 keys are signed by other people and linked to the web of trust. The winner of the key signing game is Torsten Curdt with 85 connections.
That would be a good thing to have more keys signed in order to strengthen the verification of our releases by downstream users and packagers. http://www.apache.org/dev/openpgp.html#apache-wot http://www.apache.org/dev/release-signing.html#web-of-trust The winter is over, it's time to go out and have a drink together to get the keys signed folks! Anyone gets near Paris in the next months ? :) Emmanuel Bourg
smime.p7s
Description: Signature cryptographique S/MIME