ASF committers can add key fingerprints to their LDAP record using the Self-service web application.
Only the fingerprints are stored in the LDAP record.
The corresponding keys must be uploaded to a public key server.
The files in the Committer keys directory are autogenerated from LDAP records and grouped by ASF id.
(The public keys are downloaded from a public key server using the fingerprints from LDAP)
The files in the Project keys directory are generated from the Committer keys, and grouped by project/podling.
Project membership is determined from the LDAP unix and committee groups (not committee-info.txt) and the current podlings listing from Whimsy.
Note: the project group files are not directly suitable for use as KEYS files for authenticating releases - i.e. they should not be linked from download pages.
This is because: