On Mon, Feb 6, 2012 at 8:37 PM, Jonathan Hsieh <j...@cloudera.com> wrote: > - Ram, I think if I understand the signing stuff properly, your gpg > signature needs to be verifed/signed by someone else in the "web of trust".
Regarding signatures: if another committer reviews the release and is willing to stand by it, that committer can sign the artifact in lieu of Ram. So, if you vote +1 on the next release, Jon, you can sign it, and I can sign your key at the office to get you into the apache "web of trust". -Todd -- Todd Lipcon Software Engineer, Cloudera