[
https://issues.apache.org/jira/browse/COMDEV-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17286416#comment-17286416
]
Sebb commented on COMDEV-400:
-----------------------------
> Do those individual keys remain available for ASF accounts that are disabled
> or removed later?
Not as far as I know
> Once someone has signed a release I think their keys should remain available
> for ever.
Agreed, which is one reason why the project keys files are not useful.
> Drop project keys files
> -----------------------
>
> Key: COMDEV-400
> URL: https://issues.apache.org/jira/browse/COMDEV-400
> Project: Community Development
> Issue Type: Bug
> Components: Comdev, PhoneBook, Website
> Environment: https://people.apache.org/keys/group/
> Reporter: Sebb
> Priority: Major
>
> The project keys files should be dropped.
> On the face of it the project keys files could be useful, however that is not
> the case in practise. This is because:
> * not all release signers are members of the project group
> * release signing keys need to be kept even after a project goes to the attic
> or the signer leaves the pmc group.
> Leaving the project keys files around has may result it inappropriate usage
> (as it has previously).
> [Note that the individual keys are still available.]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org
