From: Marius Bakke Subject: Re: wrong key used for signing Date: Tue, 28 Mar 2017 15:03:23 +0200 >> If you can send a signed message (using key D77D54FD according to >> my >> books) containing the public key of the key used to sign these >> commits >> (so they can be verified), I think that is proof enough. Assuming >> you >> admit to making them, of course :-) > > To be clear, simply "vouching" for the commits in a signed message > is > good enough for me. It would be good to have the signing key for > future > reference, but if you don't want to disclose it I'm fine with that. As Leo found out, it's just an old key (that I didn't intend to use anymore, I should probably just revoke it). For now, I signed it with the new key (find it here: http://http-keys.gnupg.net/pks/lookup?search=0x91E12B08&op=vindex). For sake of completeness: I vouch for the commits referenced in the attached log. Thomas