Author: Mike Hearn 2014-02-07 10:48:17
Published on: 2014-02-07T10:48:17+00:00
The v0.11 tag has been released and is signed by Andreas Schildbach's GPG key with a fingerprint of E944 AE66 7CF9 60B1 004B C32F CA66 2BE1 8B87 7A60. The commit hash is 410d4547a7dd20745f637313ed54d04d08d28687. It is important to note that PGP keys are commonly identified by short identifiers, which can cause problems. The author has a PGP key with a fingerprint of C85A AB0F 7A1C CCA3 2BFC EECC F2E4 861C 9988 816F and signed Andreas' key with it. However, as the author is not well connected in the web of trust, it does not add much. Thanks to Gary Rowe, there is a Maven dependency checker plugin that verifies the full hashes of library dependencies. While it could be better integrated, it provides another backstop. A non-text attachment named smime.p7s was also included but without any further context or explanation.
Updated on: 2023-06-08T02:19:23.857197+00:00