You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@poi.apache.org by on...@apache.org on 2016/11/09 08:57:26 UTC

svn commit: r1768877 - /poi/trunk/KEYS

Author: onealj
Date: Wed Nov  9 08:57:26 2016
New Revision: 1768877

URL: http://svn.apache.org/viewvc?rev=1768877&view=rev
Log:
KEYS file should only have public keys used to sign previous releases

Modified:
    poi/trunk/KEYS

Modified: poi/trunk/KEYS
URL: http://svn.apache.org/viewvc/poi/trunk/KEYS?rev=1768877&r1=1768876&r2=1768877&view=diff
==============================================================================
--- poi/trunk/KEYS (original)
+++ poi/trunk/KEYS Wed Nov  9 08:57:26 2016
@@ -9,6 +9,14 @@ Developers:
         (gpg --list-key <your email>
              && gpg --armor --export <your email>) >> this file.
 
+Since the KEYS may be needed to check signatures for archived
+releases, it is important that all keys that have ever been used
+to sign releases are retained in the file. Entries should only
+be added, not removed.
+To keep the KEYS file manageable, it's recommended to only add
+the keys of committers who have signed releases.
+https://www.apache.org/dev/release-signing#keys-policy
+https://people.apache.org/keys/
 
 
 pub  1024D/12DAE9BE 2004-01-25 Glen Stampoultzis <gl...@apache.org>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org