Is there a guide you're getting that from? When I look at [1] it seems we trust the public registries, so nothing else should be needed.
John [1]: https://www.apache.org/info/verification.html On Mon, Jun 19, 2017 at 1:28 PM Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: > Thanks John- > My key is already listed there and is present in the KEYS file as well. > > Doesn’t the key also need to be verified by others at Apache to be > considered valid? > > —Eric > > > On Jun 19, 2017, at 1:12 PM, John D. Ament <johndam...@apache.org> > wrote: > > > > I think all you have to do is upload it via https://pgp.mit.edu/ > ........... > > > > John > > > > On Mon, Jun 19, 2017 at 1:11 PM Eric Friedrich (efriedri) < > > efrie...@cisco.com> wrote: > > > >> Apologies for this slightly unorthodox use of the mailer. > >> > >> I’m in the process of preparing a release for the Traffic Control > podling. > >> As the RM, I have to use my GPG key to sign the release. > >> > >> However, my GPG key is not yet tied into the web of trust and we cannot > >> pass the vote because of this. > >> > >> Is there anyone in the Boston area (preferably South or metro-west) that > >> would be willing to meet and verify my key ownership? > >> > >> Thanks! > >> Eric > >> > >> > >
