Conversation
|
@pedro-hos Please keep an eye on #wildfly-developers > Inactivating gpg keys where we'll figure out how to handle this kind of thing. |
bstansberry
left a comment
bstansberry
left a comment
There was a problem hiding this comment.
#880 will add the ability to display previously-used but no longer used keys, so we need some changes here to reflect that.
We don't want to drop records for previously used keys as what they signed still exists.
| - id: ed25519/0x80C9A5BA | ||
| key: 51F8871824A19B8C3EE6708AC34DC24F80C9A5BA | ||
| link: https://keys.openpgp.org/vks/v1/by-fingerprint/51F8871824A19B8C3EE6708AC34DC24F80C9A5BA | ||
| fingerprint: 51F8 8718 24A1 9B8C 3EE6 708A C34D C24F 80C9 A5BA |
There was a problem hiding this comment.
Please restore this and add two more attributes:
invalidated: 2026-03-10
invalidated-reason: No longer used
The 'invalidated' date can be earlier if you know it wasn't used prior to March 10. It basically tells readers not to treat anything signed with that key after that date as valid.
The "invalidated-reason" is free form text; it can say what you want. (If someone stopped being a Maintainer we might update their records to say "No longer maintaining WildFly projects" or something. This is why there is a "reason" field.)
There was a problem hiding this comment.
Thank you @bstansberry I've just update. I think that is failing because ROQ needs some changes, right?
I need to update my signing keys since I lost my previous data.
2 participants
I need to update my signing keys since I lost my previous data.