diff --git a/contrib/builder-keys/README.md b/contrib/builder-keys/README.md index c883b3fa6f..e31ac6fa87 100644 --- a/contrib/builder-keys/README.md +++ b/contrib/builder-keys/README.md @@ -1,15 +1,26 @@ -PGP keys -======== +## PGP keys of builders and Developers -This folder contains the public keys of developers and active contributors. +The file `keys.txt` contains fingerprints of the public keys of builders and +active developers. The keys are mainly used to sign git commits or the build results of builds. -You can import the keys into gpg as follows. Also, make sure to fetch the -latest version from the key server to see if any key was revoked in the -meantime. +The most recent version of each pgp key can be found on most pgp key servers. + +Fetch the latest version from the key server to see if any key was revoked in +the meantime. +To fetch the latest version of all pgp keys in your gpg homedir, ```sh -gpg --import ./*.pgp gpg --refresh-keys ``` + +To fetch keys of builders and active developers, feed the list of fingerprints +of the primary keys into gpg: + +```sh +while read fingerprint keyholder_name; do gpg --keyserver hkp://subset.pool.sks-keyservers.net --recv-keys ${fingerprint}; done < ./keys.txt +``` + +Add your key to the list if you provided Guix attestations for two major or +minor releases of Dash Core.
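Review bot: in the added `while read fingerprint keyholder_name; do ... done < ./keys.txt` loop, `read` is called without `-r` and `${fingerprint}` is expanded unquoted, so a blank line in `keys.txt` runs `gpg --recv-keys` with no key argument and a comment line would be passed through as if it were a fingerprint. Suggest `while read -r fingerprint keyholder_name; do`, quoting `"${fingerprint}"`, and skipping empty lines. The same command points at `hkp://subset.pool.sks-keyservers.net`, which is the unencrypted scheme; an `hkps://` endpoint would keep the list of requested fingerprints off the wire in clear text. The README now depends on the layout of `keys.txt` (fingerprint first, keyholder name after) without stating it, so a one-line description of the file format would help contributors who follow the "Add your key to the list" instruction. Minor style points: the new heading mixes case ("builders and Developers"), "pgp" is lower-cased in prose where the old text used "PGP", and "sign git commits or the build results of builds" is redundant.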