[prev in list] [next in list] [prev in thread] [next in thread] 

List:       struts-dev
Subject:    Re: svn commit: r947374 - /struts/maven/trunk/build/KEYS
From:       Wes Wannemacher <wesw () wantii ! com>
Date:       2010-05-25 20:23:54
Message-ID: AANLkTim8m9b_ktz99OksnO18-MpqOJA7AvABVZPbnGwr () mail ! gmail ! com
[Download RAW message or body]

On Mon, May 24, 2010 at 3:04 AM, Lukasz Lenart
<lukasz.lenart@googlemail.com> wrote:
> 2010/5/23 Lukasz Lenart <lukasz.lenart@googlemail.com>:
>> 2010/5/23 Martin Cooper <martinc@apache.org>:
>>> If an existing key has ever been used to sign a release, it should not
>>> be removed from the KEYS file. It's still needed to verify those older
>>> releases. New keys should just be added without removing anything that
>>> was there before.
>>
>> I didn't know, I loose my old keys when my laptop was flooded :P
>> I will merge with the previous version.
>
> One more question, I never used that key to sign anything (I tried,
> but a Vote was cancelled). In such case maybe it's better to clean up
> the KEYS file?
>

I would say that whether the old key stays out depends on a few
things... For one, you mentioned that you've never used that key to
sign a release. If you can guarantee that, then I don't see the need
to pull it back into the KEYS file (Martin, feel free to disagree, I'd
back down pretty easy). The way I would guarantee is to scp all the
releases from people.a.o (or wget from a mirror) and loop through them
to make sure. Should be trivial, although it might kill your bandwidth
;).

If you can't find anything that you've signed with the keys that no
longer exist, I'd say leave it (for the sake of simplicity). But, I
would also make a backup (I prefer to burn to a CD, then keep them
somewhere safe) of your new private key.

-Wes

-- 
Wes Wannemacher

Head Engineer, WanTii, Inc.
Need Training? Struts, Spring, Maven, Tomcat...
Ask me for a quote!

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]