I'm in the interesting situation of trying to upload autoconf 2.67 signed by my new key, but while still waiting for my new key to be installed by the ftp-upload folks to run the upload process (see http://lists.gnu.org/archive/html/autoconf/2010-07/msg00016.html). Right now, gnupload assumes that it should both create the .sig files, as well as the signed upload .directive.asc file, using the same key. But does the GNU upload process really require that the .sig and the .directive.asc be created with the same key, or does it only validate the directive, in which case I could manually create a .sig with my new key but the .directive.asc with my old key? While http://www.gnu.org/prep/maintain/maintain.html#Automated-FTP-Uploads is clear that an upload must be a triple, it is not clear whether the .sig is validated. If the split key approach works, should gnupload be given an optional argument to allow a second key for creating the .sig, different from the main key used for the .directive.asc, to save anyone else the hassle of having to manually reproduce gnupload steps just to get the split key behavior?
Of course, if the ftp-upload folks respond in time, this will be a moot point for me, as I can just do the autoconf 2.67 upload with my new key. -- Eric Blake [email protected] +1-801-349-2682 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
