>> I would like to know how many signing keys are actually trusted which >> have been used for our releases. > > Quite a few, see http://people.apache.org/~henkp/trust/apache.html
Interesting - thanks for the link. So, 53% of our software is signed with untrusted keys. I have expected 70% untrusted keys or so. In an ideal world signing with untrusted keys is an exception --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
