From c844885dd56e72321c1e8b97f598131df02537cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Wed, 1 Apr 2020 10:41:08 +0600 Subject: [PATCH 1/4] doc: make README(.md) more informative by indicating that a GPG key used to sign a release could be a sub-key of a key listed in README(.md) (which itself isn't listed in it) Update README.md. Fixes: nodejs#32559 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c7fe50e2e95278..50fe5028b27c60 100644 --- a/README.md +++ b/README.md @@ -542,7 +542,8 @@ maintaining the Node.js project. ### Release Keys -GPG keys used to sign Node.js releases: +GPG keys used to sign Node.js releases (you may encounter a release signed +by a sub-key of a key listed below (which itself isn't listed below)): * **Beth Griggs** <bethany.griggs@uk.ibm.com> `4ED778F539E3634C779C87C6D7062848A1AB005C` From fa685530ed082025aa4fa62b96359ccc55f918ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Wed, 1 Apr 2020 10:43:44 +0600 Subject: [PATCH 2/4] doc: additional note in README(.md) informing users that they may need to import a key used to sign a release & check whether it is a sub-key of a primary key listed in README(.md) (which itself isn't listed in it)... Addition README.md update Fixes: nodejs#32559 --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 50fe5028b27c60..3b38a8e4128dda 100644 --- a/README.md +++ b/README.md @@ -566,7 +566,9 @@ by a sub-key of a key listed below (which itself isn't listed below)): * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -To import the full set of trusted release keys: +If you encounter a release signed by a key not listed above, please import it +and check whether it is a sub-key of a primary key listed above. You can also +import the full set of trusted release keys: ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C From 6fe585e27e59745534602d60ee62248f24142cc3 Mon Sep 17 00:00:00 2001 From: haqer1 Date: Sat, 4 Apr 2020 15:40:14 +0600 Subject: [PATCH 3/4] apply suggestions from code review Co-Authored-By: Myles Borins --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 3b38a8e4128dda..50fe5028b27c60 100644 --- a/README.md +++ b/README.md @@ -566,9 +566,7 @@ by a sub-key of a key listed below (which itself isn't listed below)): * **Shelley Vohr** <shelley.vohr@gmail.com> `B9E2F5981AA6E0CD28160D9FF13993A75599653C` -If you encounter a release signed by a key not listed above, please import it -and check whether it is a sub-key of a primary key listed above. You can also -import the full set of trusted release keys: +To import the full set of trusted release keys: ```shell gpg --keyserver pool.sks-keyservers.net --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C From 333072cc8c4cb4fecf570cf42117a7cf37abec43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Re=C5=9Fat=20SABIQ?= Date: Sat, 4 Apr 2020 15:48:41 +0600 Subject: [PATCH 4/4] apply suggestions from code review Co-Authored-By: Myles Borins --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 50fe5028b27c60..a8d0b074bf5488 100644 --- a/README.md +++ b/README.md @@ -542,8 +542,7 @@ maintaining the Node.js project. ### Release Keys -GPG keys used to sign Node.js releases (you may encounter a release signed -by a sub-key of a key listed below (which itself isn't listed below)): +Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys): * **Beth Griggs** <bethany.griggs@uk.ibm.com> `4ED778F539E3634C779C87C6D7062848A1AB005C`