[
https://issues.apache.org/jira/browse/VELOCITY-993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18074424#comment-18074424
]
Scott Cantor commented on VELOCITY-993:
---------------------------------------
Ah, oops.
For us, we always just maintain a PGP_KEYS file in our source code root with
all the keys that people may encounter.
For myself, I just couldn't get it from Apache's key directory, so even if you
just attached or commented it here that's good enough for us, but the PGP_KEYS
approach gives everybody the information of course.
Thx!
> PGP key for Velocity artifact signature available?
> --------------------------------------------------
>
> Key: VELOCITY-993
> URL: https://issues.apache.org/jira/browse/VELOCITY-993
> Project: Velocity
> Issue Type: Wish
> Affects Versions: 2.4.1
> Reporter: Scott Cantor
> Priority: Major
>
> The PGP key used to sign the latest release seems to be unavailable from
> Apache's commiter key list (and is noted as expired/invalid, but...)
> Any chance of getting a copy posted somewhere? It's Claude Brisson's key, key
> ID was 6F9D10E747DC79485ABB4F72B709E61252F136DD
> Sorry to pester, but we verify all our supply chain via Maven extension so
> we'd have to re-sign it all otherwise.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
