From d8e2b007e3a66363e9f67ab576bd37845a52c815 Mon Sep 17 00:00:00 2001 From: Javen O'Neal Date: Wed, 9 Nov 2016 08:57:26 +0000 Subject: [PATCH] KEYS file should only have public keys used to sign previous releases git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1768877 13f79535-47bb-0310-9956-ffa450edef68 --- KEYS | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/KEYS b/KEYS index adc245d131..5926e7c288 100644 --- a/KEYS +++ b/KEYS @@ -9,6 +9,14 @@ Developers: (gpg --list-key && gpg --armor --export ) >> this file. +Since the KEYS may be needed to check signatures for archived +releases, it is important that all keys that have ever been used +to sign releases are retained in the file. Entries should only +be added, not removed. +To keep the KEYS file manageable, it's recommended to only add +the keys of committers who have signed releases. +https://www.apache.org/dev/release-signing#keys-policy +https://people.apache.org/keys/ pub 1024D/12DAE9BE 2004-01-25 Glen Stampoultzis
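Review bot: The added rule "Entries should only be added, not removed" does not say what a maintainer should do when a retained key is later revoked or compromised, and a user who imports the whole KEYS file gets every key in it for signature checks. Consider adding a sentence after that rule stating that such a key stays in the file so archived releases can still be verified, and that its entry should be re-exported so that it carries the revocation. The two URLs at the end of the added block are also bare. A short lead-in such as "See:" would tell the reader that the first is the policy being summarised and the second is the committer key listing.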