https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #41 from Darxus <[email protected]> 2011-05-26 22:10:10 UTC --- Created attachment 4907 --> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4907 New KEYS / GPG.KEY / sa-update-pubkey.txt file This file contains *only* the release signing key (F7D39814), the sa-updates signing key (5244EC45), and the deprecated release signing key (265FA05B). I agree it should be used to replace all three existing key files - KEYS, GPG.KEY, and sa-update-pubkey.txt. I think this file should only contain keys which are used to sign stuff for SpamAssassin. If people want to check the signatures on these keys, all they need to do to grab the signing keys is: gpg -v KEYS | grep ^sig | awk '{print $2}' | xargs gpg --recv-keys So this file should just be used to provide some authentication that these keys are legitimate SpamAssassin signing keys. This does not need to be coordinated with bug 6288. Some related info can be found in bug 5775. I wrote some related stuff a decade ago, which probably doesn't still work: http://www.chaosreigns.com/code/sigtrace/ http://www.chaosreigns.com/code/sig2dot/debian.html -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
