Would it be a good idea to have one centralized KEYS file for all commons developers? It'd be easier to update, delete or revoke any single key and remove a lot of duplication.
I was reviewing the IO 1.3.2 RC and I couldn't find the key Jochen used to sign the release tarballs. I don't see any reason offhand why it shouldn't be in the same place as the keys to verify any other release. Thoughts?