Thanks! I was just sitting here thinking about the merits of verifying a new key request like that by some kind of secure signature system, versus just posting the request on a public mailing list, and having a human acknowledge to the developer's previously known email address. I have to say, I can't see much more security benefit from the first method, that would justify the extra hassle. The second method is pleasantly simple.
Andrew E. Schulman Office of Compliance U.S. Environmental Protection Agency 202-564-5244 -----Original Message----- From: Jon Turney <jon.tur...@dronecode.org.uk> Sent: Thursday, February 20, 2020 4:32 PM To: cygwin-apps@cygwin.com Cc: Schulman, Andrew <schulman.and...@epa.gov> Subject: Re: updated SSH key On 20/02/2020 19:37, Andrew Schulman via cygwin-apps wrote: > Name: Andrew Schulman Done.