(now actually including the signature... sigh)

From: Marius Bakke <mbakke@fastmail.com>
Subject: Re: wrong key used for signing
Date: Tue, 28 Mar 2017 15:03:23 +0200

>> If you can send a signed message (using key D77D54FD according to
>> my
>> books) containing the public key of the key used to sign these
>> commits
>> (so they can be verified), I think that is proof enough. Assuming
>> you
>> admit to making them, of course :-)
>
> To be clear, simply "vouching" for the commits in a signed message
> is
> good enough for me. It would be good to have the signing key for
> future
> reference, but if you don't want to disclose it I'm fine with that.

As Leo found out, it's just an old key (that I didn't intend to use
anymore, I should probably just revoke it).  For now, I signed it
with the new key (find it here:
http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex).

For sake of completeness: I vouch for the commits referenced in the
attached log.

Thomas