Hi, I think that the right way to add you to the web of trust would be for me (or anybody else) to sign your key when meeting in person. Given that we aren't too far apart that should be feasible :) I think it is usual to create a specific code signing key that is only used for this purpose (at least that's what I did). So I think that the best way would be to create such a key and to meet to allow me to sign it. This doc contains information about what key properties are currently recommended (and a lot more ...): http://www.apache.org/dev/release-signing
Cheers, Till On Tue, Nov 26, 2013 at 8:39 PM, Vinayak Borkar <[email protected]> wrote: > Hi, > > > What is the best way for me to get my verified KEYS setup so that I can > create and sign releases? > > > Thanks, > Vinayak >
