[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New signing key

From: Eric Bavier
Subject: Re: New signing key
Date: Wed, 23 Jun 2021 16:05:06 +0000

On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote:
> Hi,
> Apologies for the delay!
> Eric Bavier <> skribis:
> > I've updated my GPG key on Savannah with a new signing subkey and uid.
> Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543.

Thank you Thank you!

>   In
> d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and
> renamed the old one, but perhaps we can just remove the old one, if the
> old sub-key is still in the new one?

I think the old key is still there, yes.  I didn't remove it, just
added the new key.

> Anyway, you should be able to push to ‘master’ now.  Please double-check
> with ‘guix git authenticate’ (and the pre-push hook) that everything’s
> fine.

Will do.

> > Could a maintainer do the necessary repo updates?
> Note that any committer who’s checked that all is fine can do this, but
> I guess everyone was busy hacking (or reviewing!).  ;-)

I completely understand.  I didn't trust myself to know how to check
that all is fine. :)

> In the future, unless you lose control of the key, it’s even better if
> you do it yourself: push a commit signed with the old key that
> introduces the new key.  Otherwise we have to trust that you really are
> the one who uploaded the new key on Savannah.

In this case, the old key had already expired.  I think others here
have reset the expiry date on their keys before?  I like the idea of
honoring the expiration dates I set, and creating a new key.  But I'm
also willing to adopt whatever we decide is a best practice.

Thanks again,


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]