guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Commits signed by key not registered on Savannah


From: Ludovic Courtès
Subject: Re: Commits signed by key not registered on Savannah
Date: Sat, 11 Feb 2017 15:35:21 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

David Craven <address@hidden> skribis:

>> According to "git log --show-signature" on my machine, several recent
>> commits by you (including this one) were signed with a different key
>> than the one you have registered on Savannah.  Savannah has key
>> C5E051C79C0BECDB, but your recent commits were signed with key
>> 33B9E9FDE28D2C23.  How are we to confirm the authenticity of this key
>> and of these commits?
>
> Hi Mark,
>
> I revoked my old key and published a new one to mit.edu. I mentioned
> it in an email that I lost access to my previous key - I know - shame
> on me - and if it was ok to simply regenerate a key and start signing
> with it. I did not get a reply and assumed that keys expire and are
> revoked from time to time so it must be ok. Please let me know what I
> can do to remedy this issue.

I don’t remember seeing that message.

We still have little infrastructure in place around signed commits, but
we should definitely have a process for changing keys.  When switching
to a new key, we should make sure to let everyone else know.

Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]