On 14 October 2014 04:40, Ted Dunning <ted.dunn...@gmail.com> wrote: > My search was on the key servers, by using pgp.mit.edu. The issue was that > you, ironically, can't seem to search by key id.
You need to prefix the (hex) id with 0x, for example: http://pgp.mit.edu/pks/lookup?search=0x2AD3FAE3&op=index&fingerprint=on > > > On Mon, Oct 13, 2014 at 11:31 PM, Julian Hyde <jh...@apache.org> wrote: > >> For the record, I did register my key fingerprint at https://id.apache.org >> and my key is present at >> https://people.apache.org/keys/committer/jhyde.asc. >> And it was before the release was made. So, I am surprised that it did not >> show up in a search. >> >> Julian >> >> >> On Oct 13, 2014, at 12:11 PM, Dennis E. Hamilton <dennis.hamil...@acm.org> >> wrote: >> >> I suggest that the release manager and anyone else in the KEYS file should >> have added key fingerprints to their Apache profiles at < >> https://id.apache.org/>. >> >> This will have their PGP keys refreshed regularly under their Apache ID at >> <https://people.apache.org/keys/committer/>. >> >> With regard to an identifiable association of the key, presence in this >> manner connects the PGP key to The Apache ID by demonstration of control >> over the committer's Apache profile. >> >> One can go farther by adding the user...@apache.org to an User-ID on the >> key. >> Verifying that one has control over that e-mail address (and all User-IDs) >> Is done by registering the public key at the PGP Global Directory service >> at >> <https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event> and completing the >> ceremony specified there. After the ceremony is completed, you can >> retrieve >> your counter-signed PGP key from that service and synchronize it to a >> public >> PGP key server. The ASF will pick it up on a future refresh. >> >> Use of the key from the Apache ID list has certain valuable properties. It >> is >> not fixed, as in the key files in the project and in distributions. That >> means >> any additional (web-of-trust) certifications of the keys association with a >> committer are updated automatically. That includes any revocations. >> >> >> -- Dennis E. Hamilton >> dennis.hamil...@acm.org +1-206-779-9430 >> https://keybase.io/orcmid PGP F96E 89FF D456 628A >> X.509 certs used and requested for signed e-mail >> >> >> >> -----Original Message----- >> From: Justin Mclean [mailto:jus...@classsoftware.com] >> Sent: Sunday, October 12, 2014 22:29 >> To: general@incubator.apache.org >> Subject: Re: [VOTE] Release Apache Calcite 0.9.1 (incubating) >> >> Hi, >> >> First, the signing key is present in SVN, but has not been uploaded to the >> standard key-servers, nor has it been signed by anyone. >> >> >> I found it here: >> https://pgp.mit.edu/pks/lookup?search=Julian+Hyde&op=index >> >> Even if the key is part of a web trust it may not be part of everyone's web >> of trust. I'd see that as a hard requirement to meet. >> >> Thanks, >> Justin >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
