I just had to update my apache signing key as it was obsolete (old sha1 algorithm no longer supported)
As a result, I now have a new signing key, but no web of trust for it. It would be good if I had some trusted parties sign my new key. Instructions are here: https://cwiki.apache.org/confluence/display/DAFFODIL/Signing+Keys+and+Getting+Your+Keys+Signed Mike Beckerle Apache Daffodil PMC | daffodil.apache.org OGF DFDL Workgroup Co-Chair | www.ogf.org/ogf/doku.php/standards/dfdl/dfdl Owl Cyber Defense | www.owlcyberdefense.com