I just had to update my apache signing key as it was obsolete (old sha1
algorithm no longer supported)
As a result, I now have a new signing key, but no web of trust for it.
It would be good if I had some trusted parties sign my new key.
Instructions are here:
https://cwiki.apache.org/confluence
I support just modernizing the current KEYS file, not worrying about people
getting a failure when validating older releases using a newer KEYS file.
Instructions on how to validate could point this out, i.e., that KEYS
technology has changed so older releases require older KEYS files
correspondin