On 15. 7. 2026 17:05, [email protected] wrote:
Author: kotkov
Date: Wed Jul 15 15:05:38 2026
New Revision: 86005

Log:
Regenerate subversion-1.15.0-rc3.KEYS.

Modified:
    dev/subversion/subversion-1.15.0-rc3.KEYS

Modified: dev/subversion/subversion-1.15.0-rc3.KEYS
==============================================================================
--- dev/subversion/subversion-1.15.0-rc3.KEYS   Wed Jul 15 13:01:53 2026        
(r86004)
+++ dev/subversion/subversion-1.15.0-rc3.KEYS   Wed Jul 15 15:05:38 2026        
(r86005)
@@ -895,64 +895,67 @@ PnUZ0818AKDB7Reb972Awsrt/5//pumcVXmAUQ==
  -----END PGP PUBLIC KEY BLOCK-----
ASF ID: ivan
-LDAP PGP key: 4829 8F0F E47F 4B8A 43FD  6525 919F 6F61 F6AD 8147
+LDAP PGP key: D667 8482 E2ED 5750 E28B  6929 2FB2 2D0D 4ADC 662A
-pub rsa4096/919F6F61F6AD8147 2013-04-01 [SC]
-      Key fingerprint = 4829 8F0F E47F 4B8A 43FD  6525 919F 6F61 F6AD 8147
-uid                 [ unknown] Ivan Zhakov<[email protected]>
-sub   rsa4096/B5B5EBA1C1F0F3B9 2013-04-01 [E]
-      Key fingerprint = FC77 9BCE A21C AEC4 FFFD  6083 B5B5 EBA1 C1F0 F3B9
+pub   rsa4096/2FB22D0D4ADC662A 2026-07-14 [SC]
+      Key fingerprint = D667 8482 E2ED 5750 E28B  6929 2FB2 2D0D 4ADC 662A
+uid                 [ unknown] Ivan Zhakov (CODE SIGNING KEY)<[email protected]>
+sub   rsa4096/C62470648595D168 2026-07-14 [E]
+      Key fingerprint = 9F3F 4DF5 6E1A EF95 73AB  F318 C624 7064 8595 D168
[...]

I don't think this is correct. All the keys ever used to sign releases should be in here, even if they're now expired or revoked. In other words, the old fingerprints should still be listed on id.apache.org, which is the source of truth.

-- Brane

Reply via email to