On Sun, 18 Feb 2024 at 17:14, Craig Russell <apache....@gmail.com> wrote:
>
> As you might have noticed, we received an SGA signed with a GPG key. Whimsy
> verified the key but as far as I can see, the filing process did not store
> the key in the repository.

Note that all the sig checks are done in the same routine, which saves the key if it was successfully imported. It tried to save the SGA key, but failed; there was a problem with the credentials (which I will try to fix). Was no error reported?

> Perhaps we should change the name of the key repository to reflect that any
> of several documents might be signed, and change the code to store the key if
> it is used to sign any of the documents.
>

The __keys__ directory is currently under iclas; perhaps it should be moved to the same level as the iclas, cclas and grants.

> WDYT?
>
> Craig L Russell
> c...@apache.org
>