On Wed, 2021-06-23 at 15:48 +0200, Ludovic Courtès wrote: > Hi, > > Apologies for the delay! > > Eric Bavier skribis: > > > I've updated my GPG key on Savannah with a new signing subkey and uid. > > Done in 3694c0d4fee0f7faf130ecd9386ea45932a19543. Thank you Thank you! > In > d1d2bf3eb6ba74b058969756a97a30aec7e0c4d1 I added your new key and > renamed the old one, but perhaps we can just remove the old one, if the > old sub-key is still in the new one? I think the old key is still there, yes. I didn't remove it, just added the new key. > > Anyway, you should be able to push to ‘master’ now. Please double-check > with ‘guix git authenticate’ (and the pre-push hook) that everything’s > fine. Will do. > > > Could a maintainer do the necessary repo updates? > > Note that any committer who’s checked that all is fine can do this, but > I guess everyone was busy hacking (or reviewing!). ;-) I completely understand. I didn't trust myself to know how to check that all is fine. :) > > In the future, unless you lose control of the key, it’s even better if > you do it yourself: push a commit signed with the old key that > introduces the new key. Otherwise we have to trust that you really are > the one who uploaded the new key on Savannah. In this case, the old key had already expired. I think others here have reset the expiry date on their keys before? I like the idea of honoring the expiration dates I set, and creating a new key. But I'm also willing to adopt whatever we decide is a best practice. Thanks again, `~Eric