Hi all, Whilst performing release tasks for qpid java components of version 6.0.0 I realized that KEYS file [1] referred from Qpid download page [2] is actually not up to date.
As far as I understood currently public PGP signing keys for qpid project are kept in [3]. I am not sure why download page refers public keys from [1]. Is it intentional? If yes, what is the rationale behind that? If not, we need to update download page to refer keys from [2]. Kind Regards, Alex [1] http://www.apache.org/dist/qpid/KEYS [2] https://qpid.apache.org/download.html#verify-what-you-download [3] https://people.apache.org/keys/group/qpid.asc