On Tue, 5 Jan 2016, Karl Berry wrote: > > I have imported PGP keys of the texinfo maintainers from > > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=texinfo > > As far as I know, there is no particular guarantee that that list of > keys is meaningful. Apparently it contains keys of all members of the > texinfo group (which is quite different than "maintainers") on Savannah > .. at some random time.
> You can see that Gavin is an administrator of the texinfo group at > https://savannah.gnu.org/projects/texinfo/, and posted the 6.0 > news announcement there. Yes, I have noticed it only after posting the group. I have browsed the archives of help-texinfo and bug-texinfo and didn't find the release annoucement (I am sure I didn't search hard enough). > At any rate, The only official source of "who is the maintainer" is > /gd/gnuorg/maintainers on fencepost.gnu.org (which does list Gavin). I > know that file is not available from the outside (intentionally -- rms's > decision many years ago), but still, that is the reality. > > Anyway, the answer is yes, it is ok and expected that the release > tarball is signed by Gavin. Thanks, normally it is difficult to find a canonical list of the maintainers' keys of the project, but I thought that savannah list is my best bet. Maybe the keys of the maintainers from the /gd/gnuorg/maintainers could be exported automatically to some keyring? (No idea why it is so secret). Alternatively, maybe if the keys were cross-signed among the maintainers... Gavin's key was pretty fresh, had no signatures and had some fancy *[email protected] account behind it (apologies to Gavin). So I thought I'd rather ask. Thank you for your time! Marcin
