David Craven <[email protected]> skribis: >> According to "git log --show-signature" on my machine, several recent >> commits by you (including this one) were signed with a different key >> than the one you have registered on Savannah. Savannah has key >> C5E051C79C0BECDB, but your recent commits were signed with key >> 33B9E9FDE28D2C23. How are we to confirm the authenticity of this key >> and of these commits? > > Hi Mark, > > I revoked my old key and published a new one to mit.edu. I mentioned > it in an email that I lost access to my previous key - I know - shame > on me - and if it was ok to simply regenerate a key and start signing > with it. I did not get a reply and assumed that keys expire and are > revoked from time to time so it must be ok. Please let me know what I > can do to remedy this issue.
I don’t remember seeing that message. We still have little infrastructure in place around signed commits, but we should definitely have a process for changing keys. When switching to a new key, we should make sure to let everyone else know. Ludo’.
