> It might be nice to associate with each committer, a list of all keys > that they have ever used to sign commits in our git repository.
> Keys would be added to the list over time, but never removed. Sounds good. Where would we put that list? And does that list also need to be signed? Puh, lucky for me I don't have to be responsible for that key =P For now my public keys are published on mit.edu, so they shouldn't be lost and can be retrieved when this list materializes. > The conventional usage of Savannah's ssh key registry is to include only > currently active keys, and that's needed as well. I updated the key.
