Hi Simon,

> However
> isn't the canonical set of PGP keys for a project distributed from
> Savannah though? If I'm signing the git bundle, it would be nice if the
> gnulib PGP keys on Savannah included my key.

The OpenPGP keys for all GNU packages are distributed through the GNU keyring <https://ftp.gnu.org/gnu/gnu-keyring.gpg>, and it is publicized through the info-gnu announcements [1].

Therefore what is the additional benefit of having these per-package keyrings on savannah? (I wasn't even aware of this info, but yes I see that some of your packages [2][3] have it.) It's extra work to keep this per-package keyring up-to-date.

Bruno

[1] https://lists.gnu.org/archive/html/info-gnu/2025-02/msg00007.html
[2] https://savannah.gnu.org/projects/libtasn1
[3] https://savannah.nongnu.org/projects/oath-toolkit/