[
https://issues.apache.org/jira/browse/JSPWIKI-560?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12722790#action_12722790
]
Craig Russell commented on JSPWIKI-560:
---------------------------------------
The issue is not so much how many folks should be tied into the Apache WOT.
Everyone who signs releases needs to have a key (duh) and any key used to sign
a release should be tied into the WOT by being signed, and by having the owner
sign others' keys.
Then the question is how many signatures on your keys are enough. One is
enough, but more is (are) better. Cross-signed keys are best.
> Developers tied into ASF PGP web of trust
> ------------------------------------------
>
> Key: JSPWIKI-560
> URL: https://issues.apache.org/jira/browse/JSPWIKI-560
> Project: JSPWiki
> Issue Type: Task
> Reporter: Janne Jalkanen
> Fix For: Graduating
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
