Thanks Bertrand! All: must the key be signed by someone other then me? If so, can someone from ASF do so?
Thanks. -- George -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bertrand Delacretaz Sent: Saturday, March 17, 2007 2:29 PM To: general@incubator.apache.org Subject: Re: Some help with Lucene.Net release On 3/17/07, George Aroush <[EMAIL PROTECTED]> wrote: >... I generated the MD5 and SHA file based on: > http://www.apache.org/dev/release-signing.html#md5 using the commands: > > $ gpg --print-md MD5 [fileName] > [fileName].md5.. I'll let others comment as to whether this is a usually accepted format. I have the impression that I've always seen keys in the md5 or md5sum format. i.e. what you'd get running: md5sum [fileName] > [fileName].md5 But I don't know if this is a requirement of the ASF. (the command is sometimes named md5, not md5sum, depending on your platform) > ...As for your comment about the ASC file, I'm not sure what you mean > by "your key hasn't been signed by anyone"? Can you tell me how to > fix it if this is a problem?.. People doing releases try to have their PGP keys signed by other ASF people, in order to build a web of trust, see http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html for more info, or Henk's pages at http://people.apache.org/~henkp/trust/ I don't think a key that is not signed by others is a problem w.r.t. doing releases, but if you can get it signed at some point it's better IMHO. -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
