Bertrand Delacretaz wrote: > Hi, > > On Fri, Jan 13, 2012 at 11:57 AM, Paolo Castagna > <[email protected]> wrote: >> this is what I did: >> (gpg --list-sigs 97C87790 && gpg --armor --export 97C87790) >> KEYS >> Is this the right thing to do? >> >> I noticed a sort of difference in the output... mentors/gpg experts?... > > I think http://www.apache.org/dev/release-signing#keys-policy is up to date.
Hi Bertrand, what I was not completely sure about is if it's ok to publish: pub 4096R/97C87790 2011-05-14 [expires: 2021-05-11] uid Paolo Castagna <[email protected]> ... sig ........ 2011-11-10 ... <email> ... But, I guess spammers already have all those emails and people already knew in advance that putting their email there will expose it to the world. Fine by me, but I was worried and wanted to be "kind" to them. Those info are also elsewhere (i.e. on key servers, etc). So, probably, not an issue. This should better explain the rationale behind my question. Thanks, Paolo > > -Bertrand
