On 6 October 2014 08:16, Stefan Bodewig <bode...@apache.org> wrote: > >> Just a note on the GPG key, it might be a good idea to upgrade to a >> stronger one. 1024 bits keys are discouraged nowadays. > >> http://www.apache.org/dev/release-signing > > I know, but leaving behind a key that has accumulated signatures over > more than ten years is hard ...
I assume that the people who signed your key trust that it is still yours. If you use it to sign your new key, is that not sufficient? > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
