https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #25 from Justin Mason <[email protected]> 2010-01-20 04:25:06 UTC ---
(In reply to comment #23)
> +1
>
> Ok, I think I understand it now - This file contains both the release signing
> key and the sa-update signing key. The former is new because we can no longer
> use the old one. The latter is unchanged but has been cross-signed so that
> going forward it will be compatible with newer versions of gpg, however the
> older copy of the key is still usable. sa-update is packaged with this
> sa-update key independent of this proposed change to this file so someone
> installing 3.3.0 does not have to download this file after we commit this
> change even if they run a current version of GPG. This proposed file will
> serve the purposes of both the KEYS file and the sa-update-pubkey.txt file,
> but is not the same as the http://spamassassin.apache.org/updates/GPG.KEY
> although it would not hurt to use this file for that one, as that one only
> needs to have the sa-update signing key in it. And finally, I think we do
> need to update http://spamassassin.apache.org/updates/GPG.KEY with the
> cross-signed version of the sa-update key, which can be done by using this
> file for that too, or by exporting just the sa-update key and uploading that,
> is that correct?

all correct ;)

I suggest we use this entire file for /updates/GPG.KEY -- try to keep it
simple(ish).
