Hi, What about running a "Virtual Key-Signing Party" to perform signing of our GPG keys ?
This document about the "Apache Web of trust" will help understand this topic https://infra.apache.org/release-signing.html#web-of-trust Usually it works like this: - everybody in the meeting shows himself and an identity document - we exchange the fingerprints of our GPG keys - everybody "signs" the keys of the other participants to the party Everybody can join the party, no need to be a "committer". I can send an invitation for this party in a convenient time across the timezones of the participants, like around early morning (8:00/8:30 AM?) in California and evening in Europe like we did many months ago for Community meetings. Enrico