: It shouldn't hold a key you don't trust 100%. Presumably the very old : committers are still happy that their keys are in their possession.
* if you feel that people can still trust releases signed with that key, then it should stay in the KEYS file. * If you don't feel that people can still trust releases signed with that key, then removing that key from KEYS isn't enough -- those releases should also be verified and resigned with a key that can be trusted. ...that is the theory anyway, as i understand it. Wether it's actaully worth re-signing old releases (as a practical issue) is another matter. -Hoss --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
