"Jonathan \"Duke\" Leto" <jonathan@xxxxxxxx> writes: > When the key changes, all existing tags are signed with the previous > key in the chain of trust. > > Do people: > 1) resign all the tags, causing people to overwrite their local tags > 2) keep all versions of the keys in the chain of trust > 3) something else more involved? > > Is anybody doing this currently? Many kernel.org users (Linus and myself included) changed their signing keys last year, so their project histories have tags signed with different keys. I highly doubt anybody revoked old key and re-signed his tags with new one. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html