> 1) If it'll be an ASF release, then it needs to get PGP (gpg is the > better tool btw) signed.
Should be, yes. Easy to do. Quite trivial, in fact. I would not bother
with MD5 if you've signed it.
If you need help, I can provide a shell script with commends to do the
signing.
--- Noel
