Hi,
one of the debian packagers of apr/httpd has noticed that current gpg
refuses to work with some of the old keys in apr's KEYS file because they
use MD5:
==
$ mkdir ring
$ chmod 700 ring
$ wget https://www.apache.org/dist/apr/KEYS
$ gpg2 --homedir ring --import KEYS
gpg: keyring `ring/secring.gpg' created
gpg: keyring `ring/pubring.gpg' created
gpg: ring/trustdb.gpg: trustdb created
gpg: key E005C9CB: public key Greg Stein gst...@lyra.org imported
gpg: key 13046155: public key Thom May thom...@apache.org imported
gpg: key E2226795: public key Justin R. Erenkrantz jerenkra...@apache.org
imported
gpg: key DE885DD3: public key Sander Striker stri...@apache.org imported
gpg: Note: signatures using the MD5 algorithm are rejected
gpg: key 10FDE075: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: key B55D9977: public key William A. Rowe, Jr. wr...@rowe-clan.net
imported
gpg: key CC8B0F7E: public key Aaron Bannert abann...@kuci.org imported
gpg: key 5C1C3AD7: public key David Reid dr...@apache.org imported
gpg: key 42721F00: public key Paul Querna c...@force-elite.com imported
gpg: key 9BCFCE2F: public key Garrett Rooney roo...@electricjellyfish.net
imported
gpg: key 159BB6F8: public key Bradley Nicholes bnicho...@apache.org imported
gpg: key 4DAA1988: public key Bojan Smojver bo...@rexursive.com imported
gpg: key 08C975E5: public key Jim Jagielski j...@apache.org imported
gpg: key 751D7F27: public key Graham Leggett minf...@sharp.fm imported
gpg: key 39FF092C: public key Jeff Trawick (CODE SIGNING KEY)
traw...@apache.org imported
gpg: key 41CEFDE0: public key Stefan Fritsch s...@sfritsch.de imported
$ gpg2 --homedir ring --list-keys
ring/pubring.gpg
pub 1024D/E005C9CB 2002-08-15
uid [ unknown] Greg Stein gst...@lyra.org
uid [ unknown] Greg Stein gst...@apache.org
uid [ unknown] Greg Stein gst...@collab.net
pub 1024D/13046155 2000-10-08
uid [ unknown] Thom May thom...@apache.org
uid [ unknown] Thom May t...@planetarytramp.net
uid [ unknown] Thom May t...@debian.org
uid [ unknown] Thom May t...@tsw.org.uk
sub 1024g/C0B77EEF 2000-10-08
pub 1024D/E2226795 1999-09-19
uid [ unknown] Justin R. Erenkrantz jerenkra...@apache.org
uid [ unknown] Justin R. Erenkrantz jerenkra...@ebuilt.com
sub 2048g/8B626683 1999-09-19
pub 1024D/DE885DD3 2002-04-10
uid [ unknown] Sander Striker stri...@apache.org
uid [ unknown] Sander Striker stri...@striker.nl
sub 2048g/532D14CA 2002-04-10
pub 4096R/B55D9977 2008-04-09 [expires: 2018-07-07]
uid [ unknown] William A. Rowe, Jr. wr...@rowe-clan.net
uid [ unknown] William A. Rowe, Jr. wr...@apache.org
uid [ unknown] William A. Rowe, Jr. william.r...@springsource.com
pub 1024D/CC8B0F7E 2001-10-02
uid [ unknown] Aaron Bannert abann...@kuci.org
uid [ unknown] Aaron Bannert aa...@clove.org
uid [ unknown] Aaron Bannert aa...@covalent.net
uid [ unknown] Aaron Bannert aa...@apache.org
sub 2048g/87DB90E0 2001-10-02
pub 1024D/5C1C3AD7 2002-11-17
uid [ unknown] David Reid dr...@apache.org
sub 2048g/4CD63851 2002-11-17
pub 1024D/42721F00 2004-01-17
uid [ unknown] Paul Querna c...@force-elite.com
uid [ unknown] Paul Querna c...@cyan.com
uid [ unknown] Paul Querna pque...@apache.org
uid [ unknown] Paul Querna c...@corelands.com
sub 2048g/7A2BE310 2004-01-17
pub 1024D/9BCFCE2F 2005-11-22
uid [ unknown] Garrett Rooney roo...@electricjellyfish.net
uid [ unknown] Garrett Rooney roo...@apache.org
sub 2048g/87DDD6FE 2005-11-22
pub 1024D/159BB6F8 2005-12-07
uid [ unknown] Bradley Nicholes bnicho...@apache.org
sub 2048g/431E3F11 2005-12-07
pub 2048R/4DAA1988 2008-08-20
uid [ unknown] Bojan Smojver bo...@rexursive.com
sub 2048R/9E49284A 2008-08-20 [expires: 2018-08-18]
sub 2048R/CAA19524 2008-08-20 [expires: 2018-08-18]
pub 1024D/08C975E5 1999-04-14
uid [ unknown] Jim Jagielski j...@apache.org
uid [ unknown] Jim Jagielski j...@jagunet.com
uid [ unknown] Jim Jagielski j...@jimjag.com
uid [ unknown] Jim Jagielski j...@covalent.net
uid [ unknown] Jim Jagielski jim.jagiel...@springsource.com
sub 2048g/4CCDB430 1999-04-14
pub 1024D/751D7F27 1999-08-19
uid [ unknown] Graham Leggett minf...@sharp.fm
uid [ unknown] Graham Leggett minf...@apache.org
sub 2048g/18F4AD9E 1999-08-19
pub 4096R/39FF092C 2010-01-19
uid [ unknown] Jeff Trawick (CODE SIGNING KEY) traw...@apache.org
sub 4096R/E4799D69 2010-01-19
pub 4096R/41CEFDE0 2009-07-10
uid [ unknown] Stefan Fritsch s...@sfritsch.de
uid [ unknown] Stefan Fritsch s...@debian.org
uid [ unknown] Stefan Fritsch s...@apache.org
sub 4096R/1AE300C2 2009-07-10
==
Can we clean that file up a bit and remove all people who have been
in-active for quite some time? Ideally,
