On Tue, 31 Dec 2013 13:27:30 -0500 Daniel Kahn Gillmor <[email protected]> wrote:
> On 12/31/2013 01:19 PM, Graham Leggett wrote: > > It is also a statement of what keys have historically been used to > > sign past artifacts, and that is just as important. > > These are distinct things, though. It would be great if the apache > project could separately identify which keys are going to be used > going forward and which ones are there for historical purposes. Good observation, but we don't have such a concept (yet) (AFAIK), all the foundation docs refer users to the KEYS file. Agreed that it would be useful, moving forwards, to keep the abridged list of KEYS.current in addition to KEYS (historical), for some definition of 'current' being over the past 12 mos or expected to be used in the near future. But I don't think we can or should change the defined use of KEYS.
