SA Bugzilla – Bug 5924
[review] cross-sign GPG keys, have an official SA keyring
Last modified: 2015-04-07 13:40:45 UTC
In SA 3.2.2, the SA Release Team key was used to sign SA rules updates. In SA 3.2.4, this seems to no longer be true, and/or the key and signature checking by more recent versions of GnuPG could have become stricter. In any case, running sa-update with the newer version fails due to an invalid signature. The man page for sa-update mentions that the rule updates are signed by the SA Release Team's key, but the corresponding wiki page specifies a different key. It would be imho very much desirable to have some way to learn, and distribute, authorized keys, so users (like me) can learn that this or that key is indeed sanctioned to sign the rule update (or at least, rule updates done by the SA Release Team). Currently, no such thing appears to be available. I'd like to see something similar to the "Debian Keyring", but for works of the SpamAssassin project, so I can adapt to e.g. changing group members by upgrading my keyring package in a secure way. Simply going to the wiki and using cut&paste on the keys mentioned there does not carry the same amount of confidence.
I just downgraded gnupg 2.0.9 to 2.0.7 because of this problem. It works, but I think that the proposed scheme is a better way to go, therefore I sign under this bug...
here's what those keys look like:

: jm 78...; gpg -v rules/sa-update-pubkey.txt
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]

: jm 79...; wget http://www.apache.org/dist/spamassassin/KEYS
--09:23:57-- http://www.apache.org/dist/spamassassin/KEYS
=> `KEYS'
Resolving www.apache.org... 140.211.11.130
Connecting to www.apache.org|140.211.11.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,269 (2.2K) [text/plain]
100%[===========================================================>] 2,269 --.--K/s
09:23:58 (78.24 MB/s) - `KEYS' saved [2269/2269]

: jm 80...; gpg -v KEYS
gpg: armor header: Version: GnuPG v1.2.5 (FreeBSD)
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <felicity@kluge.net>
uid SpamAssassin Signing Key <spamassassin-devel@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <felicity@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <rod@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]

ok, fair point -- those keys don't sign each other.
I've fixed that now with the following KEYS file (attached), which looks like this:

: jm 94...; gpg -v KEYS
gpg: armor header: Version: GnuPG v1.4.7 (FreeBSD)
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <felicity@kluge.net>
sig ADD4C933 2004-05-09 [User ID not found]
sig 677BA1EC 2004-09-30 [User ID not found]
sig E213B692 2004-09-30 [User ID not found]
sig 5DC3F473 2004-09-30 [User ID not found]
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
uid SpamAssassin Signing Key <spamassassin-devel@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <felicity@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <rod@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
sub 1024D/FC51569B 2003-08-21
sig 265FA05B 2003-08-21 [keybind]
pub 1024D/E580B363 1997-11-09 Theo Van Dinter <felicity@kluge.net>
sig 27A914E6 2003-03-17 [User ID not found]
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 1997-11-09 [selfsig]
uid Theo Van Dinter <tvd@bblisa.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
uid Theo Van Dinter <felicity@mkrdns.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
uid Theo Van Dinter <felicity@spamassassin.org>
sig E580B363 2003-06-17 [selfsig]
sub 3072g/B9B33054 1997-11-09
sig E580B363 1997-11-09 [keybind]
gpg: NOTE: signature key 6E58EF0A expired Sun Oct 10 14:08:04 2004 IST
pub 1024D/6E58EF0A 1999-10-12 Justin Mason <jm@jmason.org>
sig 6E58EF0A 1999-10-12 [selfsig]
sub 1024g/98472126 1999-10-12 [expires: 2004-10-10]
sig 6E58EF0A 1999-10-12 [keybind]
pub 1024D/8C80C35F 1997-08-15 rOD Begbie <rOD@begbie.com>
sig 4C96375D 2001-03-26 [User ID not found]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
uid Rod Begbie <rod@null.net>
sig 4C96375D 1997-08-15 [User ID not found]
sig 8C80C35F 1997-08-15 [selfsig]
uid Rod Begbie <rbegbi@sapient.com>
sig 8C80C35F 1999-04-26 [selfsig]
uid rOD Begbie <rOD@arsecandle.org>
sig 8C80C35F 2001-05-16 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
uid rOD Begbie <rbegbie@skginc.net>
sig 4C96375D 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 6614AC87 2003-06-03 [User ID not found]
uid rOD Begbie <rOD@groovymother.com>
sig 8C80C35F 2003-08-05 [selfsig]
sub 2048g/57E8C6A1 1997-08-15
sig 8C80C35F 1997-08-15 [keybind]
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key <release@spamassassin.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]

comments? committers, votes please, and I'll copy it to http://www.apache.org/dist/spamassassin/KEYS , and update links to point to that "official" keyring file.
Created attachment 4354 [details] new KEYS keyring file
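An added example, not part of the thread or the SpamAssassin project's code: a small parser for the `gpg -v` listing format quoted in the comments above, which extracts who certifies which key and looks for a certification chain ending at the update-signing key 5244EC45. The BEFORE and AFTER inputs are taken from the listings in the thread (AFTER abridged); the function names are hypothetical, and because a listing like this does not show that the signatures verify, a real check would use `gpg --check-sigs` and full fingerprints.

```python
import re
from collections import deque

# Listings from the thread, one record per line. BEFORE: the two key files
# that "don't sign each other". AFTER: abridged excerpt of the fixed KEYS file.
BEFORE = """\
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <felicity@kluge.net>
uid SpamAssassin Signing Key <spamassassin-devel@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <felicity@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <rod@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
"""
AFTER = """\
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <felicity@kluge.net>
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
uid SpamAssassin Signing Key <spamassassin-devel@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <felicity@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <rod@null.net>
sub 1024D/FC51569B 2003-08-21
sig 265FA05B 2003-08-21 [keybind]
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key <release@spamassassin.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
"""

RECORD = re.compile(r"^(pub|sub|uid|sig|rev)\s+(.*)$")


def parse_listing(text):
    """Return {primary key ID: [{"uid", "revoked", "signers"}, ...]}."""
    keys, primary, uid = {}, None, None
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # skips notes such as "gpg: armor header: ..."
        kind, rest = m.groups()
        if kind == "pub":
            parts = rest.split("/", 1)[1].split(None, 2)  # key ID, date, user ID
            primary = parts[0]
            uid = {"uid": parts[2] if len(parts) > 2 else "",
                   "revoked": False, "signers": set()}
            keys[primary] = [uid]
        elif kind == "uid" and primary is not None:
            uid = {"uid": rest, "revoked": False, "signers": set()}
            keys[primary].append(uid)
        elif kind == "sub":
            uid = None  # the [keybind] signatures that follow certify nothing
        elif kind in ("sig", "rev") and uid is not None:
            issuer = rest.split()[0]
            if kind == "rev" and issuer == primary:
                uid["revoked"] = True  # the owner revoked this user ID
            elif kind == "sig" and issuer != primary:
                uid["signers"].add(issuer)  # third-party certification
    return keys


def certifiers(keys, keyid):
    """Key IDs that signed at least one non-revoked user ID of keyid."""
    live = (u["signers"] for u in keys.get(keyid, []) if not u["revoked"])
    return set().union(*live)


def trust_path(keys, anchor, target):
    """Shortest chain anchor -> ... -> target in which each key certifies
    the next one, or None. Short 8-hex key IDs are used only because the
    listing prints them; they are easy to collide."""
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for subject in keys:
            if subject not in seen and path[-1] in certifiers(keys, subject):
                seen.add(subject)
                queue.append(path + [subject])
    return None


if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        keys = parse_listing(listing)
        print(name, trust_path(keys, "E580B363", "5244EC45"))
```

Signatures that sit only on the revoked spamassassin-devel@lists.sourceforge.net user ID (8C80C35F in this excerpt) are ignored, so they do not produce a chain to the update key.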
this has been open for ages, but it'd be very good to fix (and isn't a code change). Accordingly I'm going to take the lack of negative votes as approval and act on this in a day or two. speak up now if you're not keen. note btw that no change to the existing keys, used for signing, is involved; it's just changes to their surrounding web of trust, and the "KEYS" files on the distribution sites (iirc).
I'm not sure I fixed this. let's complete it for 3.3.0
this doesn't need to block any RCs
Created attachment 4628 [details] newer new KEYS keyring file
I previously regenerated the release signing key to use a 4096-bit RSA privkey, 4096R/7B3265A5, so this needed to be redone. I also took the opportunity to verify cross-signing and update the signing keys from the keyservers. The result is attached. it's significantly larger (200k!). I think that's because the export includes the entire web of trust -- so lots of ASF people as well. that's probably a good thing, though, right? (any gpg wizards listening?) Please vote on this to replace rules/sa-update-pubkey.txt and www.apache.org/dist/spamassassin/KEYS...
sig A8E18D8C 2005-12-11 [User ID not found] sig 99242560 2005-02-21 [User ID not found] uid [jpeg image of size 12212] sig E580B363 2009-08-12 [selfsig] sub 3072g/B9B33054 1997-11-09 sig E580B363 1997-11-09 [keybind] gpg: NOTE: signature key 6E58EF0A expired Sun Oct 10 13:08:04 2004 UTC pub 1024D/6E58EF0A 1999-10-12 [revoked] rev 6E58EF0A 2004-10-10 [selfsig] uid Justin Mason <jm@jmason.org> sig 6E58EF0A 1999-10-12 [selfsig] sig 38AA1D47 2004-05-09 Robert Menschel <RMensch@bigfoot.com> sig 95161991 2004-08-05 [User ID not found] sig E580B363 2003-11-02 Theo Van Dinter <felicity@kluge.net> sub 1024g/98472126 1999-10-12 [revoked: 2004-10-10] sig 6E58EF0A 1999-10-12 [keybind] gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC pub 1024D/8C80C35F 1997-08-15 rOD Begbie <rOD@begbie.com> sig 4C96375D 2001-03-26 [User ID not found] sig 6AA10B91 2001-03-26 [User ID not found] sig 8C80C35F 2001-03-26 [selfsig] sig 6614AC87 2003-06-03 [User ID not found] sig 959600C3 2003-06-04 [User ID not found] sig 4A24D6F4 2004-08-13 [User ID not found] rev 8C80C35F 2004-08-14 [selfsig] sig 31B0974B 2005-05-26 [User ID not found] sig 8C80C35F 2005-04-22 [selfsig] rev 8C80C35F 2005-07-25 [selfsig] sig CA57AD7C 2005-04-22 [User ID not found] sig CA57AD7C 2005-04-27 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 2005-05-28 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-06-28 [User ID not found] sig CA57AD7C 2005-07-16 [User ID not found] sig CA57AD7C 2005-07-18 [User ID not found] sig CA57AD7C 2005-08-04 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2005-09-04 [User ID not found] uid Rod Begbie 
<rod@null.net> sig 4C96375D 1997-08-15 [User ID not found] sig 8C80C35F 1997-08-15 [selfsig] sig 6614AC87 2003-06-03 [User ID not found] sig 959600C3 2003-06-04 [User ID not found] rev 8C80C35F 2003-08-24 [selfsig] rev 8C80C35F 2003-09-08 [selfsig] uid Rod Begbie <rbegbi@sapient.com> sig 8C80C35F 1999-04-26 [selfsig] sig 6614AC87 2003-06-03 [User ID not found] sig 959600C3 2003-06-04 [User ID not found] rev 8C80C35F 2003-08-24 [selfsig] rev 8C80C35F 2003-09-08 [selfsig] uid rOD Begbie <rOD@arsecandle.org> sig 8C80C35F 2001-05-16 [selfsig] sig 6614AC87 2003-06-03 [User ID not found] sig 959600C3 2003-06-04 [User ID not found] sig 4A24D6F4 2004-08-13 [User ID not found] rev 8C80C35F 2004-08-14 [selfsig] sig 31B0974B 2005-05-26 [User ID not found] sig 8C80C35F 2005-04-22 [selfsig] rev 8C80C35F 2005-07-25 [selfsig] sig CA57AD7C 2005-04-22 [User ID not found] sig CA57AD7C 2005-04-27 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 2005-05-28 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-06-28 [User ID not found] sig CA57AD7C 2005-07-16 [User ID not found] sig CA57AD7C 2005-07-18 [User ID not found] sig CA57AD7C 2005-08-04 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2005-09-04 [User ID not found] uid rOD Begbie <rbegbie@skginc.net> sig 4C96375D 2001-03-26 [User ID not found] sig 8C80C35F 2001-03-26 [selfsig] sig 6AA10B91 2001-03-26 [User ID not found] sig 6614AC87 2003-06-03 [User ID not found] sig 959600C3 2003-06-04 [User ID not found] rev 8C80C35F 2004-02-05 [selfsig] uid rOD Begbie <rOD@groovymother.com> sig 8C80C35F 2003-08-05 [selfsig] sig 4A24D6F4 2004-08-13 [User ID not found] rev 8C80C35F 2004-08-14 [selfsig] sig 31B0974B 2005-05-26 [User ID not found] sig 8C80C35F 2005-04-22 [selfsig] rev 8C80C35F 2005-07-25 [selfsig] sig CA57AD7C 2005-04-22 [User ID not found] sig CA57AD7C 2005-04-27 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 
2005-05-28 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-06-28 [User ID not found] sig CA57AD7C 2005-07-16 [User ID not found] sig CA57AD7C 2005-07-18 [User ID not found] sig CA57AD7C 2005-08-04 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2005-09-04 [User ID not found] uid Rod Begbie <rod@begbie.com> sig 8155E4F3 2005-05-26 [User ID not found] sig 302A3876 2006-03-21 [User ID not found] sig 4676F327 2005-02-28 [User ID not found] sig 8C80C35F 1998-02-11 [selfsig] sig 8C80C35F 1999-04-26 [selfsig] sig 61326D40 2005-02-16 [User ID not found] sig A699B797 2005-03-01 [User ID not found] sig F7E3C3B4 2005-02-16 [User ID not found] sig 31B0974B 2005-05-26 [User ID not found] sig E580B363 2005-02-18 Theo Van Dinter <felicity@kluge.net> sig 60C383BC 2005-07-27 [User ID not found] sig 8C80C35F 2004-08-08 [selfsig] sig 65D0FD58 2007-05-03 [User ID not found] sig 9E2BD1F2 2004-08-08 [User ID not found] sig 65D0FD58 2004-08-14 [User ID not found] sig 65D0FD58 2006-03-21 [User ID not found] sig 8C80C35F 2005-07-13 [selfsig] sig 4C96375D 1999-04-26 [User ID not found] sig CA57AD7C 2004-12-23 [User ID not found] sig CA57AD7C 2005-01-18 [User ID not found] sig CA57AD7C 2005-02-01 [User ID not found] sig CA57AD7C 2005-02-14 [User ID not found] sig CA57AD7C 2005-02-16 [User ID not found] sig CA57AD7C 2005-02-19 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 2005-05-28 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-14 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-07-10 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-08-06 [User ID not found] sig CA57AD7C 2006-09-13 
[User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-10-17 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-23 [User ID not found] sig CA57AD7C 2006-12-25 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-04-28 [User ID not found] sig 99242560 2005-02-21 [User ID not found] uid Rod Begbie <rod@arsecandle.org> sig 302A3876 2006-03-21 [User ID not found] sig 4676F327 2005-02-28 [User ID not found] sig 61326D40 2005-02-16 [User ID not found] sig A699B797 2005-03-01 [User ID not found] sig F7E3C3B4 2005-02-16 [User ID not found] sig 31B0974B 2005-05-26 [User ID not found] sig E580B363 2005-02-18 Theo Van Dinter <felicity@kluge.net> sig 60C383BC 2005-07-27 [User ID not found] sig 8C80C35F 2004-08-08 [selfsig] sig 65D0FD58 2007-05-03 [User ID not found] sig 9E2BD1F2 2004-08-08 [User ID not found] sig 65D0FD58 2004-08-14 [User ID not found] sig 65D0FD58 2006-03-21 [User ID not found] sig 8C80C35F 2005-07-13 [selfsig] sig CA57AD7C 2004-12-23 [User ID not found] sig CA57AD7C 2005-01-18 [User ID not found] sig CA57AD7C 2005-02-01 [User ID not found] sig CA57AD7C 2005-02-14 [User ID not found] sig CA57AD7C 2005-02-16 [User ID not found] sig CA57AD7C 2005-02-19 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-14 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-07-10 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-08-06 [User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig 
CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-10-17 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-23 [User ID not found] sig CA57AD7C 2006-12-25 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-04-28 [User ID not found] sig 99242560 2005-02-21 [User ID not found] uid Rod Begbie <rodbegbie@gmail.com> sig 302A3876 2006-03-21 [User ID not found] sig 4676F327 2005-02-28 [User ID not found] sig 61326D40 2005-02-16 [User ID not found] sig A699B797 2005-03-01 [User ID not found] sig 31B0974B 2005-05-26 [User ID not found] sig E580B363 2005-02-18 Theo Van Dinter <felicity@kluge.net> sig 60C383BC 2005-07-27 [User ID not found] sig 8C80C35F 2005-02-12 [selfsig] sig 65D0FD58 2007-05-03 [User ID not found] sig 65D0FD58 2005-03-10 [User ID not found] sig 65D0FD58 2006-03-21 [User ID not found] sig 8C80C35F 2005-04-22 [selfsig] sig 8C80C35F 2005-07-13 [selfsig] sig CA57AD7C 2005-02-19 [User ID not found] sig CA57AD7C 2005-04-22 [User ID not found] sig CA57AD7C 2005-04-27 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 2005-05-13 [User ID not found] sig CA57AD7C 2005-05-28 [User ID not found] sig CA57AD7C 2005-05-28 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-06-13 [User ID not found] sig CA57AD7C 2005-06-28 [User ID not found] sig CA57AD7C 2005-07-16 [User ID not found] sig CA57AD7C 2005-07-18 [User ID not found] sig CA57AD7C 2005-08-04 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2005-08-21 [User ID not found] sig CA57AD7C 2005-09-04 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] 
sig CA57AD7C 2006-06-14 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-07-10 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-08-06 [User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-10-17 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-23 [User ID not found] sig CA57AD7C 2006-12-25 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-04-28 [User ID not found] sig CA57AD7C 2007-08-04 [User ID not found] sig 99242560 2005-02-21 [User ID not found] uid Rod Begbie <rod@groovymother.com> sig 302A3876 2006-03-21 [User ID not found] sig 4676F327 2005-02-28 [User ID not found] sig 61326D40 2005-02-16 [User ID not found] sig A699B797 2005-03-01 [User ID not found] sig F7E3C3B4 2005-02-16 [User ID not found] sig 31B0974B 2005-05-26 [User ID not found] sig E580B363 2005-02-18 Theo Van Dinter <felicity@kluge.net> sig 60C383BC 2005-07-27 [User ID not found] sig 8C80C35F 2004-08-08 [selfsig] sig 65D0FD58 2007-05-03 [User ID not found] sig 9E2BD1F2 2004-08-08 [User ID not found] sig 65D0FD58 2004-08-14 [User ID not found] sig 65D0FD58 2006-03-21 [User ID not found] sig 8C80C35F 2005-07-13 [selfsig] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2004-12-23 [User ID not found] sig CA57AD7C 2005-01-18 [User ID not found] sig CA57AD7C 2005-02-01 [User ID not found] sig CA57AD7C 2005-02-14 [User ID not found] sig CA57AD7C 2005-02-16 [User ID not found] sig CA57AD7C 2005-02-19 [User ID not found] sig CA57AD7C 2006-06-01 
[User ID not found] sig CA57AD7C 2006-06-01 [User ID not found] sig CA57AD7C 2006-06-14 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-06-27 [User ID not found] sig CA57AD7C 2006-07-10 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-07-24 [User ID not found] sig CA57AD7C 2006-08-06 [User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-09-13 [User ID not found] sig CA57AD7C 2006-10-17 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-11-26 [User ID not found] sig CA57AD7C 2006-12-09 [User ID not found] sig CA57AD7C 2006-12-23 [User ID not found] sig CA57AD7C 2006-12-25 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-05 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-01-19 [User ID not found] sig CA57AD7C 2007-04-28 [User ID not found] sig 99242560 2005-02-21 [User ID not found] uid Rod Begbie <rbegbie@bus-innovation.com> sig 4A24D6F4 2004-08-13 [User ID not found] sig 8C80C35F 2004-04-02 [selfsig] rev 8C80C35F 2005-01-07 [selfsig] sig 8C80C35F 2004-08-08 [selfsig] sig 9E2BD1F2 2004-08-08 [User ID not found] sig 65D0FD58 2004-08-14 [User ID not found] uid [jpeg image of size 7583] sig 8155E4F3 2005-05-26 [User ID not found] sig 302A3876 2006-03-21 [User ID not found] sig A699B797 2005-03-01 [User ID not found] sig 31B0974B 2005-05-26 [User ID not found] sig 8C80C35F 2004-08-08 [selfsig] sig 8C80C35F 2004-08-08 [selfsig] sig 65D0FD58 2007-05-03 [User ID not found] sig 65D0FD58 2005-03-10 [User ID not found] sig 65D0FD58 2006-03-21 [User ID not found] sig 8C80C35F 2005-04-22 [selfsig] sig 8C80C35F 2005-07-13 [selfsig] sub 2048g/57E8C6A1 1997-08-15 sig 8C80C35F 1997-08-15 [keybind] sub 1024R/85A7466D 2006-01-31 sig 8C80C35F 2006-01-31 [keybind] sub 1024R/C84C962B 2006-01-31 [revoked: 2006-08-02] sig 8C80C35F 2006-01-31 [keybind] sig 8C80C35F 2006-08-02 [selfsig] sub 
2048R/BC42C93D 2005-02-21 sig 8C80C35F 2005-02-21 [keybind] pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org> sig 5244EC45 2005-12-20 [selfsig] sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org> sig 265FA05B 2008-08-07 SpamAssassin Signing Key <release@spamassassin.org> sig 6CB1BC68 2008-05-12 [User ID not found] sig 7DF1F870 2008-07-27 [User ID not found] sub 4096R/24F434CE 2005-12-20 sig 5244EC45 2008-01-10 [keybind] pub 4096R/F7D39814 2009-12-02 SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org> sig F7D39814 2009-12-02 [selfsig] sig 265FA05B 2009-12-02 SpamAssassin Signing Key <release@spamassassin.org> sig 54A2ACF1 2009-12-27 [User ID not found] uid SpamAssassin Project Management Committee <private@spamassassin.apache.org> sig F7D39814 2009-12-02 [selfsig] sig 54A2ACF1 2009-12-27 [User ID not found] sub 4096R/7B3265A5 2009-12-02 sig F7D39814 2009-12-02 [keybind]
Over 500 people signed the new signing key? Without checking its photo id? =) I suppose this is OK, but is including all 200KB really necessary? +1
(In reply to comment #8)
> Over 500 people signed the new signing key?
>
> Without checking its photo id? =)
>
> I suppose this is OK, but is including all 200KB really necessary?
>
> +1

over 500 people signed keys that signed the key. (probably most are from keysigning parties that myself or Theo attended, I suspect)

If it's safe, I'd like to trim down the 200KB to something smaller; can any GPG wizards indicate that it's ok to do so? my naive assumption is that if I was to do so, it would lessen people's ability to verify a web-of-trust between their own trusted keys, and our keys, assuming they were attempting to do so without a working connection to a keyserver (e.g. offline). Maybe the web-of-trust is moot in our use-cases, but I think it's a nice side benefit of using gpg.
(in reply to comment #9) Shouldn't the file contain the text that is now in http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can be found in rules/sa-update-pubkey.txt in the source distribution. I don't see any reason to include all the second level signatures. It usually won't be enough to validate the key anyway without going on line, and anyone who is installing SpamAssassin has the ability to go online at some point. By the way, this looks like it might be relevant: http://people.apache.org/~henkp/trust/
(In reply to comment #10)
> (in reply to comment #9)
>
> Shouldn't the file contain the text that is now in
> http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that
> both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can
> be found in rules/sa-update-pubkey.txt in the source distribution.

Oops. Will fix this.

> I don't see any reason to include all the second level signatures. It usually
> won't be enough to validate the key anyway without going on line, and anyone
> who is installing SpamAssassin has the ability to go online at some point.

Ok. I'll try to trim it down.
I don't think that change needs to block rc3
Created attachment 4646 [details] fixed ok, this one contains _just_ the important keys and their direct sigs, and has a text header. I suggest that this can be both the KEYS file on the dist site, and the new rules/sa-update-pubkey.txt.
[test@newcaprica tmp]$ gpg -v attachment.cgi\?id\=4646
gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 [User ID not found]
sig 265FA05B 2008-08-07 [User ID not found]
sig 6CB1BC68 2008-05-12 [User ID not found]
sig 7DF1F870 2008-07-27 [User ID not found]
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee <private@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 265FA05B 2009-12-02 [User ID not found]
sig 54A2ACF1 2009-12-27 [User ID not found]
uid SpamAssassin Project Management Committee <private@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 54A2ACF1 2009-12-27 [User ID not found]
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]

+1
+1 Looks fine.
+1

You didn't add a mention of the two locations where the file can be found as I suggested in comment #10, but that was just a suggestion.

However, I see that you cut the final 3.3.0 tarball before committing this. Is it really ok to have rules/sa-update.txt say that the release key is different from the one used to sign the release?

Perhaps the release announcement should be amended to tell people to get the new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way anyone who is careful about checking will be up to date before they get as far as looking at rules/sa-update.txt.
I just noticed that the new key also needs to be uploaded to http://spamassassin.apache.org/updates/GPG.KEY as well as to http://www.apache.org/dist/spamassassin/KEYS And both have to be in place before the release announcement.
(In reply to comment #16)
> +1
>
> You didn't add a mention of the two locations where the file can be found as I
> suggested in comment #10, but that was just a suggestion.

hmm. I missed that -- sorry :(

> However, I see that you cut the final 3.3.0 tarball before committing this. Is
> it really ok to have rules/sa-update.txt say that the release key is different
> from the one used to sign the release?

the current rules/sa-update.txt (as in the release) says:

This is the GPG key that updates are signed with (currently, as of Wed Dec 21 19:31:38 PST 2005. Please contact <dev /at/ spamassassin.apache.org> with any questions.

and it's this key:

: 204...; gpg -v rules/sa-update-pubkey.txt
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]

this key is not changing (aside from the addition of cross-signatures). so there's no issue there; the released sa-update-pubkey.txt file will still be correct without this patch.

> Perhaps the release announcement should be amended to tell people to get the
> new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way
> anyone who is careful about checking will be up to date before they get as far
> as looking at rules/sa-update.txt.

I'll change the release announcement as you suggested on the dev list.
(In reply to comment #18)
> > Perhaps the release announcement should be amended to tell people to get the
> > new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way
> > anyone who is careful about checking will be up to date before they get as far
> > as looking at rules/sa-update.txt.
>
> I'll change the release announcement as you suggested on the dev list.

actually, that probably is unnecessary. see bug 6292.
also (sorry for the storm of mails ;) --

(In reply to comment #17)
> I just noticed that the new key also needs to be uploaded to
> http://spamassassin.apache.org/updates/GPG.KEY as well as to
> http://www.apache.org/dist/spamassassin/KEYS
>
> And both have to be in place before the release announcement.

http://www.apache.org/dist/spamassassin/KEYS *already* contains both the new release signing key and the updates signing key. http://spamassassin.apache.org/updates/GPG.KEY contains only the updates signing key, which is ok, because that location is specifically for the updates signing key info only anyway. Neither need to be updated before release.
Created attachment 4650 [details] another new KEYS file, with URLs 'Shouldn't the file contain the text that is now in http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can be found in rules/sa-update-pubkey.txt in the source distribution.' as suggested -- this revision fixes that.
just to be clear: please re-vote on the new file. since this change doesn't need to impede release, there's no urgency. ;)
+1

Ok, I think I understand it now - This file contains both the release signing key and the sa-update signing key. The former is new because we can no longer use the old one. The latter is unchanged but has been cross-signed so that going forward it will be compatible with newer versions of gpg, however the older copy of the key is still usable. sa-update is packaged with this sa-update key independent of this proposed change to this file so someone installing 3.3.0 does not have to download this file after we commit this change even if they run a current version of GPG. This proposed file will serve the purposes of both the KEYS file and the sa-update-pubkey.txt file, but is not the same as the http://spamassassin.apache.org/updates/GPG.KEY although it would not hurt to use this file for that one, as that one only needs to have the sa-update signing key in it. And finally, I think we do need to update http://spamassassin.apache.org/updates/GPG.KEY with the cross-signed version of the sa-update key, which can be done by using this file for that too, or by exporting just the sa-update key and uploading that, is that correct?

$ gpg -v GPG.KEY
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]

As compared to the portion of gpg -v output from this file:

pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key <release@spamassassin.org>
sig 6CB1BC68 2008-05-12 Alain Wolf <wolf@restkultur.ch>
sig 7DF1F870 2008-07-27 Frank C. Langbein <frank@langbein.org>
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee <private@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
A slight correction to my previous comment. Right now http://spamassassin.apache.org/updates/GPG.KEY is the same file as rules/sa-update-pubkey.txt so that is the reason that it should be updated with this proposed new file at the same time that it is committed to rules/sa-update-pubkey.txt. I will not propose restarting the voting by adding that URL to the text too :)
(In reply to comment #23)
> +1
>
> Ok, I think I understand it now - This file contains both the release signing
> key and the sa-update signing key. The former is new because we can no longer
> use the old one. The latter is unchanged but has been cross-signed so that
> going forward it will be compatible with newer versions of gpg, however the
> older copy of the key is still usable. sa-update is packaged with this
> sa-update key independent of this proposed change to this file so someone
> installing 3.3.0 does not have to download this file after we commit this
> change even if they run a current version of GPG. This proposed file will serve
> the purposes of both the KEYS file and the sa-update-pubkey.txt file, but is
> not the same as the http://spamassassin.apache.org/updates/GPG.KEY although it
> would not hurt to use this file for that one, as that one only needs to have
> the sa-update signing key in it. And finally, I think we do need to update
> http://spamassassin.apache.org/updates/GPG.KEY with the cross-signed version of
> the sa-update key, which can be done by using this file for that too, or by
> exporting just the sa-update key and uploading that, is that correct?

all correct ;) I suggest we use this entire file for /updates/GPG.KEY -- try to keep it simple(ish).
got a mail from Henk that needs addressing -- 'Hi Justin, the sig checker can't find public PGP key '24F434CE' in any KEYS file ; http://people.apache.org/~henkp/checker/sig.html#user-jm Can you please add this public key to /x1/www/www.apache.org/dist/spamassassin/KEYS Thanks, regards, Henk Penning' so this may need more work.
moving most remaining 3.3.0 bugs to 3.3.1 milestone
reassigning, too
Created attachment 4662 [details] new KEYS file with direct signers' pubkeys
Here's a replacement KEYS/GPG.KEY/pubkey.txt file that deals with Henk's suggestion -- it contains my public key (as well as a couple of committers/pmc members who have signed the 3 versions of signing keys, according to keyserver hkp://subkeys.pgp.net). Exported using:

gpg --export --armor F7D39814 5244EC45 265FA05B \
    298BC7D0 54A2ACF1 > o
cat header o > KEYS_with_signers
Created attachment 4663 [details] another recut, with Warren and my pubkeys
+1 looks fine here.

Although why my key specifically? Did the other core devs not directly sign it? I'm not a core dev.

[test@newcaprica ~]$ gpg --import /tmp/attachment.cgi\?id\=4663
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 265FA05B: public key "SpamAssassin Signing Key <release@spamassassin.org>" imported
gpg: key 298BC7D0: public key "Justin Mason <jm@jmason.org>" imported
gpg: key 5244EC45: public key "updates.spamassassin.org Signing Key <release@spamassassin.org>" imported
gpg: key F7D39814: public key "SpamAssassin Project Management Committee <private@spamassassin.apache.org>" imported
gpg: key 54A2ACF1: public key "Warren Togami (Work) <wtogami@redhat.com>" imported
gpg: Total number processed: 5
gpg: imported: 5 (RSA: 2)
gpg: no ultimately trusted keys found

[test@newcaprica ~]$ gpg --fingerprint
/home/test/.gnupg/pubring.gpg
-----------------------------
pub 1024D/265FA05B 2003-06-09
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
uid SpamAssassin Signing Key <release@spamassassin.org>
sub 1024D/FC51569B 2003-08-21

pub 1024D/298BC7D0 2004-10-10 [expires: 2024-10-05]
Key fingerprint = 1368 71CE 3627 9CD3 FA1B 0B63 3091 7972 298B C7D0
uid Justin Mason <jm@jmason.org>
sub 2048g/FDFC3EDC 2004-10-10 [expires: 2024-10-05]

pub 4096R/5244EC45 2005-12-20
Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45
uid updates.spamassassin.org Signing Key <release@spamassassin.org>
sub 4096R/24F434CE 2005-12-20

pub 4096R/F7D39814 2009-12-02
Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
uid SpamAssassin Project Management Committee <private@spamassassin.apache.org>
uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sub 4096R/7B3265A5 2009-12-02

pub 1024D/54A2ACF1 2002-11-25
Key fingerprint = 785A 304B 08C1 F291 F54F 9A68 6BDD FE8E 54A2 ACF1
uid Warren Togami (Work) <wtogami@redhat.com>
uid Warren Togami (Linux) <warren@togami.com>
sub 2048g/4AD75982 2002-11-25
(In reply to comment #32)
> +1 looks fine here.
>
> Although why my key specifically? Did the other core devs not directly sign
> it? I'm not a core dev.

you're a committer, so more or less the same thing! nope, other devs have not signed it (yet).
moving all open 3.3.1 bugs to 3.3.2
Moving back off of Security, which got changed by accident during the mass Target Milestone move.
After all this time of being confused by the comments in this bug I finally looked up what cross-signing GPG keys is all about and how to do it. For anyone who is as confused and ill-informed as I, here is a link explaining what it is and how to do it http://www.gnupg.org/faq/subkey-cross-certify.en.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I signed F7D39814 5244EC45 265FA05B and resubmitted them to they key servers earlier today. This signed comment can be used as proof (w.r.t. my bugzilla account) of my owning key F4AD9292.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3IP+oACgkQjroVuvStkpInMQCgo9GOoa5eHqZKEi7/8Uuoyeup
2EYAn3UMyXWR5Qb26SZ3j1h4UBavlLHi
=O/iR
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The same goes for my channel-signing key, E8B493D6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3IQNUACgkQnCRV0Oi0k9Yw4wCgrpEpqiv8a/6eCFjbr3a9SXkH
k3YAnRiOJ8exUtQonnbtbzBK1cAVtgTj
=Dv1T
-----END PGP SIGNATURE-----
forgot to vote: +1
Whiteboard should be changed to "ready to commit for 3.3.2".
The file should be updated together with Bug 6288 I think.
Created attachment 4907 [details]
New KEYS / GPG.KEY / sa-update-pubkey.txt file

This file contains *only* the release signing key (F7D39814), the sa-updates signing key (5244EC45), and the deprecated release signing key (265FA05B). I agree it should be used to replace all three existing key files - KEYS, GPG.KEY, and sa-update-pubkey.txt.

I think this file should only contain keys which are used to sign stuff for SpamAssassin. If people want to check the signatures on these keys, all they need to do to grab the signing keys is:

gpg -v KEYS | grep ^sig | awk '{print $2}' | xargs gpg --recv-keys

So this file should just be used to provide some authentication that these keys are legitimate SpamAssassin signing keys.

This does not need to be coordinated with bug 6288. Some related info can be found in bug 5775.

I wrote some related stuff a decade ago, which probably doesn't still work:
http://www.chaosreigns.com/code/sigtrace/
http://www.chaosreigns.com/code/sig2dot/debian.html
That file uses Justin Mason's header, and adds Adam Katz's signature:

$ gpg -v KEYS.new
gpg: armor header: Version: GnuPG v2.0.14 (GNU/Linux)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <release@spamassassin.org>
sig 6CB1BC68 2008-05-12 Alain Wolf <wolf@restkultur.ch>
sig 7DF1F870 2008-07-27 Frank C. Langbein <frank@langbein.org>
sig E8B493D6 2011-02-08 Adam Katz (key for auto-gen content) <antispam@khopis.com>
sig F4AD9292 2011-05-09 Adam Katz <adam@khopis.com>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key <release@spamassassin.org>
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee <private@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Project Management Committee <private@spamassassin.apache.org>
sig 54A2ACF1 2009-12-27 Warren Togami (Work) <wtogami@redhat.com>
sig F4AD9292 2011-05-09 Adam Katz <adam@khopis.com>
sig E8B493D6 2011-05-09 Adam Katz (key for auto-gen content) <antispam@khopis.com>
sig F7D39814 2009-12-02 [selfsig]
uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B) <dev@spamassassin.apache.org>
sig 54A2ACF1 2009-12-27 Warren Togami (Work) <wtogami@redhat.com>
sig 265FA05B 2009-12-02 SpamAssassin Signing Key <release@spamassassin.org>
sig F4AD9292 2011-05-09 Adam Katz <adam@khopis.com>
sig E8B493D6 2011-05-09 Adam Katz (key for auto-gen content) <antispam@khopis.com>
sig F7D39814 2009-12-02 [selfsig]
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key <release@spamassassin.org>
[snipped signatures of the deprecated signing key]
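An added example, not part of the thread or of the SpamAssassin project's code: a parser for the legacy `gpg -v KEYS` listing format quoted above that reports which certifications between the three project keys are absent from the file, and which signer keys are not in the file and would have to be fetched. The function names are hypothetical and the sample is abridged from the listing in this comment, with e-mail addresses dropped.

```python
import re

# Constructed sample: abridged from the `gpg -v KEYS.new` listing quoted above.
# The thread snipped the signatures on 265FA05B, so none appear for it here.
LISTING = """\
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
sig 6CB1BC68 2008-05-12 Alain Wolf
sig F4AD9292 2011-05-09 Adam Katz
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason
sig 265FA05B 2008-08-07 SpamAssassin Signing Key
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Project Management Committee
sig 54A2ACF1 2009-12-27 Warren Togami (Work)
sig F7D39814 2009-12-02 [selfsig]
uid SpamAssassin Signing Key (Code Signing Key, replacement for 1024D/265FA05B)
sig 265FA05B 2009-12-02 SpamAssassin Signing Key
sig F4AD9292 2011-05-09 Adam Katz
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
"""

PUB = re.compile(r"^pub\s+\d+[A-Z]/([0-9A-F]{8})\s")
SIG = re.compile(r"^sig\s+([0-9A-F]{8})\s")

def parse_signers(listing):
    """Map each primary key ID to the set of other key IDs that certified it."""
    signers, current, on_subkey = {}, None, False
    for line in listing.splitlines():
        if m := PUB.match(line):
            current, on_subkey = m.group(1), False
            signers[current] = set()
        elif line.startswith(("sub ", "uid ")):
            on_subkey = line.startswith("sub ")   # binding sigs are not certifications
        elif (m := SIG.match(line)) and current and not on_subkey:
            if m.group(1) != current:             # drop self-signatures
                signers[current].add(m.group(1))
    return signers

def missing_cross_sigs(signers, project_keys):
    """(signer, signed) pairs among project_keys with no certification listed."""
    return sorted((a, b) for a in project_keys for b in project_keys
                  if a != b and a not in signers.get(b, set()))

def keys_to_fetch(signers):
    """Signer key IDs that are not themselves primary keys in the file."""
    return sorted(set().union(*signers.values()) - set(signers))
```

A listing only shows which signature packets are present; it does not verify them, so a report like this is meaningful only after `gpg --check-sigs` has validated the certifications against imported signer keys. The 8-hex-digit key IDs are matched here because that is what the listing prints; full fingerprints are the safer identifier where they are available.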
+1 on Darxus' version. It's much cleaner, and I think I understand better what is supposed to be in the KEYS file looking at that compared to all our attempts to cut one.

The

gpg -v KEYS | grep ^sig | awk '{print $2}' | xargs gpg --recv-keys

command line is handy in that it results in importing what you need so that afterwards a simple

gpg -v KEYS

shows something that makes sense out of the KEYS file.

Darxus, don't we need a CLA from you so we can accept patches?
Created attachment 4916 [details]
KEYS file with just the necessary three, with my signing added

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To make sure I understand the process, as long as the voting had been reset all the way back to just 1 anyway, I signed the two unrevoked keys and recreated from my keyring the file Darxus submitted. I also uploaded the newly signed public keys to the keyservers.

Like Adam, I am signing this comment just because it is so cool to act all security-paranoid when doing things with PGP keys. Or GPG keys. Whatever.

And this makes my implied vote explicit: +1

Sidney
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iQEcBAEBAgAGBQJN6Z5WAAoJEK/R1BNiJeoSQucH/jfvvZcgFmgNkjQWx7HV+eat
EtovfH2Syj8wavFSeLbw5M4/8TGAw0Ep3R0GXlWI0LozDLTxKY9caCDgoFq1OFvt
aHsOMXvdWsPs0J+qpUMeSgqdrwU/o/VQkWNQNCB0zHOjXYBXms7nJRZRbdqx5KOR
3QdjX1l85NyRJEPS0kjePfoLUYPHGemLEQLUh2gSCU3dDWwpgekVXWYVanLHXmKl
Fl8iWhCtHyn7OXw5ejBGUYnjpnm6W/hu5/xjKZweiJeftTiik14l61j5TFybt2qO
SeVGSXd0xDzjJomydLzcyNpcL5Z6tR48GI/jntcPJ+Rzf0BivMn7hFteXJkHgeg=
=RQO1
-----END PGP SIGNATURE-----
I verified Sidney's KEYS file, looks good to me. Only change is, as he said, the addition of his signatures to the non-expired keys.

These are created with, as JM said:

gpg --export --armor 5244EC45 F7D39814 265FA05B > KEYS.txt

And then just prepend the descriptive header with a text editor or cat.
(In reply to comment #43)
> Darxus, don't we need a CLA from you so we can accept patches?

1) No. http://wiki.apache.org/spamassassin/AboutClas Says a CLA is only required for '"big" patches'.

2) I just received acknowledgement of receipt of my CLA from Apache. With the same email address as this bugzilla account. Does something need to be done to connect them?
(In reply to comment #43) Whoever has the karma to change your [NoCLA] flag here should know where to look up the list of people who have submitted a CLA. Thanks.
+1 (doesn't bugzilla have its voting system?
(In reply to comment #48)
> +1 (doesn't bugzilla have its voting system?

Yes. I had been wondering about that.

http://lists.osafoundation.org/pipermail/chandler-dev/2005-March/002566.html

I don't seem to have the "edit attachment" link this talks about.
Retargeting from 3.3.2 (released) to 3.4.0 (currently trunk). Just needs votes and a commit. Changed priority from enhancement to normal.
Moving all open bugs where target is defined and 3.4.0 or lower to 3.4.1 target
Failed to get enough votes and don't really see the benefit. Perhaps the next RM will reopen.