lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Uwe Schindler" <...@thetaphi.de>
Subject KEYS file
Date Sun, 22 Nov 2009 22:27:28 GMT
We created new keys during the key-signing on ApacheCon and lot's of
committers upgraded to 4096. Mine is new and 4096 bit and also simonw and
rmuir got new ones (now appearing in KEYS file).

Grant *replaced* his key in the KEYS file, but if Grant signed an older
release on the Apache mirrors, it cannot be verified.

Should I revert the replacement and add the old and new pub key of Grant
again before I publish the file? See also the code signing docs of Apache,
there you find the hint "...keep all former keys available, even if you get
new keys..."

Uwe

-----
Uwe Schindler
H.-H.-Meier-Allee 63, D-28213 Bremen
http://www.thetaphi.de
eMail: uwe@thetaphi.de




---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-dev-help@lucene.apache.org


Mime
View raw message