I think so. On 19 July 2017 at 10:46, Gary Gregory <garydgreg...@gmail.com> wrote:
> On Jul 19, 2017 08:43, "Matt Sicker" <boa...@gmail.com> wrote: > > On 18 July 2017 at 15:02, Stefan Bodewig <bode...@apache.org> wrote: > > > > We shouldn't remove any key that has been used to sign a release in the > > past. No matter how long in the past :-) > > > > What about expired keys? > > > Can't those still be used to validate old releases? > > Gary > > > -- > Matt Sicker <boa...@gmail.com> > -- Matt Sicker <boa...@gmail.com>
