On Wed, Dec 14, 2011 at 11:17 PM, Howard Lewis Ship <[email protected]> wrote:
> +1 > > I haven't done more verification than to check the MD5 sum and the signature. > > We may need to move a bug or two from 5.3.1 to 5.3.2. I believe I > commited a fix after you cut the branch. We should double-check the > list of bugs fixed against the SVN log. Can I leave that in your > hands? I'm over-taxed this week. Yep. > Note: > > $ gpg --verify apache-tapestry-5.3.1-sources.zip.asc > gpg: Signature made Tue Dec 13 10:18:02 2011 PST using RSA key ID 4F7FEF55 > gpg: Good signature from "Massimo Lusetti <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: FCAF DD3B 5989 D139 3EC2 A499 7995 8D76 4F7F EF55 > ~/Downloads > $ gpg --verify apache-tapestry-5.3.1-javadocs.zip.asc > gpg: Signature made Tue Dec 13 10:19:39 2011 PST using RSA key ID 4F7FEF55 > gpg: Good signature from "Massimo Lusetti <[email protected]>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: FCAF DD3B 5989 D139 3EC2 A499 7995 8D76 4F7F EF55 > > I wonder what we can do about the WARNING above? I can confirm that this is my fingerprint. I think that we could/should exchange keys and sign each others, I will double check but my key is already at MIT and on people's keys: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x79958D764F7FEF55 https://people.apache.org/keys/committer/mlusetti.asc https://people.apache.org/keys/group/tapestry.asc Cheers -- Massimo http://meridio.blogspot.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
