Hey folks, While upgrading the xerces version to 2.12.2 inside Gradle <https://github.com/gradle/gradle/>, we cannot validate that the new key used to sign the release is legitimate.
The following key has been used: 6CB87B18A453990EAC9453F87D713008CC07E9AD (Aurélien Pupier < apup...@redhat.com>) But this key is not listed in the KEYS file found at https://downloads.apache.org/xerces/j/binaries/KEYS Can a developer confirm this signature is legitimate? Or point us to the right location for performing this validation? Regards, Louis Jacomet Senior Lead Software Engineer Gradle W. gradle.com -- * CONFIDENTIALITY NOTICE*: The contents of this email message, and any attachments, are intended solely for the addressee(s) and may contain confidential, proprietary and/or privileged information legally protected from disclosure. If you are not the intended recipient of this communication, or if you received this communication by mistake, please notify the sender immediately and delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, retransmission, dissemination, copying or storage of this message or its attachments is strictly prohibited.
