lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler" <>
Subject KEYS file
Date Sun, 22 Nov 2009 22:27:28 GMT
We created new keys during the key-signing on ApacheCon and lot's of
committers upgraded to 4096. Mine is new and 4096 bit and also simonw and
rmuir got new ones (now appearing in KEYS file).

Grant *replaced* his key in the KEYS file, but if Grant signed an older
release on the Apache mirrors, it cannot be verified.

Should I revert the replacement and add the old and new pub key of Grant
again before I publish the file? See also the code signing docs of Apache,
there you find the hint "...keep all former keys available, even if you get
new keys..."


Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message