[Dropping bug-gnulib from CC.]
Collin Funk wrote:
> Should that section just be removed from the manual?
Yes, for the moment, this seems to be the right thing to do, because:
* Even with a configured keyserver that is still operating, such as
hkps://keys.openpgp.org, the problem with keyservers is that
anyone can upload a fake GPG key for a given package maintainer.[1]
* The release announcements that we make on info-gnu contain
instructions how to retrieve the GPG keys from the GNU keyring.[2]
* According to Simon Josefsson, the replacement for the keyservers is
that users should fetch the GPG keys from various locations. [3]
This can be the package maintainer's Savannah account or home page,
for example. But this is hard to formalize in the Maintainers' Guide.
Bruno
[1] https://lists.gnu.org/archive/html/bug-gettext/2025-03/msg00003.html
[2] https://lists.gnu.org/archive/html/info-gnu/2025-05/msg00008.html
[3] https://lists.gnu.org/archive/html/bug-gnulib/2024-12/msg00080.html
