https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #23 from Sidney Markowitz <[email protected]> 2010-01-19 10:13:14 UTC --- +1 Ok, I think I understand it now - This file contains both the release signing key and the sa-update signing key. The former is new because we can no longer use the old one. The latter is unchanged but has been cross-signed so that going forward it will be compatible with newer versions of gpg, however the older copy of the key is still usable. sa-update is packaged with this sa-update key independent of this proposed change to this file so someone installing 3.3.0 does not have to download this file after we commit this change even if they run a current version of GPG. This proposed file will serve the purposes of both the KEYS file and the sa-update-pubkey.txt file, but is not the same as the http://spamassassin.apache.org/updates/GPG.KEY although it would not hurt to use this file for that one, as that one only needs to have the sa-update signing key in it. And finally, I think we do need to update http://spamassassin.apache.org/updates/GPG.KEY with the cross-signed version of the sa-update key, which cam be done by using this file for that too, or by exporting just the sa-update key and uploading that, is that correct? $ gpg -v GPG.KEY gpg: armor header: Version: GnuPG v1.4.2 (SunOS) pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <[email protected]> sig 5244EC45 2005-12-20 [selfsig] sub 4096R/24F434CE 2005-12-20 sig 5244EC45 2005-12-20 [keybind] sig 5244EC45 2008-01-10 [keybind] As compared to the portion of gpg -v output from this file: pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <[email protected]> sig 5244EC45 2005-12-20 [selfsig] sig 298BC7D0 2008-08-07 Justin Mason <[email protected]> sig 265FA05B 2008-08-07 SpamAssassin Signing Key <[email protected]> sig 6CB1BC68 2008-05-12 Alain Wolf <[email protected]> sig 7DF1F870 2008-07-27 Frank C. Langbein <[email protected]> sig F7D39814 2010-01-16 SpamAssassin Project Management Committee <[email protected]> sub 4096R/24F434CE 2005-12-20 sig 5244EC45 2005-12-20 [keybind] sig 5244EC45 2008-01-10 [keybind] -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
