My search was on the key servers, by using pgp.mit.edu. The issue was that you, ironically, can't seem to search by key id.
On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jh...@apache.org> wrote: > For the record, I did register my key fingerprint at https://id.apache.org > and my key is present at > https://people.apache.org/keys/committer/jhyde.asc. > And it was before the release was made. So, I am surprised that it did not > show up in a search. > > Julian > > > On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <dennis.hamil...@acm.org> > wrote: > > I suggest that the release manager and anyone else in the KEYS file should > have added key fingerprints to their Apache profiles at < > https://id.apache.org/>. > > This will have their PGP keys refreshed regularly under their Apache ID at > <https://people.apache.org/keys/committer/>. > > With regard to an identifiable association of the key, presence in this > manner connects the PGP key to The Apache ID by demonstration of control > over the committer's Apache profile. > > One can go farther by adding the user...@apache.org to an User-ID on the > key. > Verifying that one has control over that e-mail address (and all User-IDs) > Is done by registering the public key at the PGP Global Directory service > at > <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the > ceremony specified there. After the ceremony is completed, you can > retrieve > your counter-signed PGP key from that service and synchronize it to a > public > PGP key server. The ASF will pick it up on a future refresh. > > Use of the key from the Apache ID list has certain valuable properties. It > is > not fixed, as in the key files in the project and in distributions. That > means > any additional (web-of-trust) certifications of the keys association with a > committer are updated automatically. That includes any revocations. > > > -- Dennis E. Hamilton > dennis.hamil...@acm.org +1-206-779-9430 > https://keybase.io/orcmid PGP F96E 89FF D456 628A > X.509 certs used and requested for signed e-mail > > > > -----Original Message----- > From: Justin Mclean [mailto:jus...@classsoftware.com] > Sent: Sunday, October 12, 2014 22:29 > To: general@incubator.apache.org > Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating) > > Hi, > > First, the signing key is present in SVN, but has not been uploaded to the > standard key-servers, nor has it been signed by anyone. > > > I found it here: > https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index > > Even if the key is part of a web trust it may not be part of everyone's web > of trust. I'd see that as a hard requirement to meet. > > Thanks, > Justin > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org >