ASF committers can add key fingerprints to their LDAP record using the SelfServe or
Whimsy web application.
Only the fingerprints are stored in the LDAP record.
The corresponding keys must be uploaded to a public key server.
The files in the Committer keys directory are autogenerated once a day from LDAP records and grouped by ASF id.
(The public keys are downloaded from a public key server using the fingerprints from LDAP)
Note that LDAP currently contains some entries which are the short key id (8 hex chars) rather than the full fingerprint (40 chars).
These key id entries are ignored because they are not guaranteed unique; and it has been shown that they can be spoofed.
If your key does not appear in your
.asc file, check that the whole fingerprint is present.
Also check that there are no leading or trailing spaces (embedded spaces are OK) because LDAP encodes these (and some other apps may not be able to decode them)
Project group files are no longer created.
They are not suitable for use as KEYS files for authenticating releases
This is because: