On Mon, Aug 8, 2016 at 6:29 PM John D. Ament <johndam...@apache.org> wrote:
> +1 release contents look good. Thank you for your due diligence on this > release. > > I'll reply separately about the other comments, to not throw off this > thread. > > Nitpick: Check your signature, may not be valid: > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to the > owner. > That warning from gpg is not controllable by me. It's a warning about your own local trust database. The warning indicates that you have not yet made a determination of whether you trust my key or not. It usually follows the message about the signature being valid ( https://www.gnupg.org/gph/en/manual/x334.html). A fair number of folks have signed my key during previous ApacheCon keysigning parties, so you may be able to trust my key transitively if you trust one of theirs. Or, I think you can just set the trust level either manually, or by signing it with your own key (maybe at the next ApacheCon I'm able to attend).
