diff --git a/README.md b/README.md index cea0ff25e0d68c..abe2f6d8102132 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ For Current and LTS, the GPG detached signature of `SHASUMS256.txt` is in import the keys: ```console -$ gpg --keyserver hkps://keys.openpgp.org --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D +$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C ``` See [Release keys](#release-keys) for a script to import active release keys. @@ -695,12 +695,8 @@ Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys): `4ED778F539E3634C779C87C6D7062848A1AB005C` * **Bryan English** <> `141F07595B7B3FFE74309A937405533BE57C7D57` -* **Colin Ihrig** <> - `94AE36675C464D64BAFA68DD7434390BDBE9B9C5` * **Danielle Adams** <> `74F12602B6F1C4E913FAA37AD3A89613643B6201` -* **James M Snell** <> - `71DCFD284A79C3B38668286BC97EC7A07EDE3FC1` * **Juan José Arboleda** <> `61FC681DFB92A079F1685E77973F295594EC4689` * **Michaël Zasso** <> @@ -711,14 +707,8 @@ Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys): `890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4` * **Richard Lau** <> `C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C` -* **Rod Vagg** <> - `DD8F2338BAE7501E3DD5AC78C273792F7D83545D` -* **Ruben Bridgewater** <> - `A48C2BEE680E841632CD4E44F07496B3EB3C1762` * **Ruy Adorno** <> `108F52B48DB57BB0CC439B2997B01419BD92F80A` -* **Shelley Vohr** <> - `B9E2F5981AA6E0CD28160D9FF13993A75599653C` To import the full set of trusted release keys (including subkeys possibly used to sign releases): @@ -726,18 +716,13 @@ to sign releases): ```bash gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C gpg --keyserver hkps://keys.openpgp.org --recv-keys 141F07595B7B3FFE74309A937405533BE57C7D57 -gpg --keyserver hkps://keys.openpgp.org --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 gpg --keyserver hkps://keys.openpgp.org --recv-keys 74F12602B6F1C4E913FAA37AD3A89613643B6201 -gpg --keyserver hkps://keys.openpgp.org --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 gpg --keyserver hkps://keys.openpgp.org --recv-keys 61FC681DFB92A079F1685E77973F295594EC4689 gpg --keyserver hkps://keys.openpgp.org --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 gpg --keyserver hkps://keys.openpgp.org --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 gpg --keyserver hkps://keys.openpgp.org --recv-keys 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 gpg --keyserver hkps://keys.openpgp.org --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C -gpg --keyserver hkps://keys.openpgp.org --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D -gpg --keyserver hkps://keys.openpgp.org --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762 gpg --keyserver hkps://keys.openpgp.org --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A -gpg --keyserver hkps://keys.openpgp.org --recv-keys B9E2F5981AA6E0CD28160D9FF13993A75599653C ``` See [Verifying binaries](#verifying-binaries) for how to use these keys to @@ -749,6 +734,8 @@ verify a downloaded file. * **Chris Dickinson** <> `9554F04D7259F04124DE6B476D5A82AC7E37093B` +* **Colin Ihrig** <> + `94AE36675C464D64BAFA68DD7434390BDBE9B9C5` * **Danielle Adams** <> `1C050899334244A8AF75E53792EF661D867B9DFA` * **Evan Lucas** <> @@ -759,10 +746,18 @@ verify a downloaded file. `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6` * **Italo A. Casas** <> `56730D5401028683275BD23C23EFEFE93C4CFFFE` +* **James M Snell** <> + `71DCFD284A79C3B38668286BC97EC7A07EDE3FC1` * **Jeremiah Senkpiel** <> `FD3A5288F042B6850C66B31F09FE44734EB7990E` * **Julien Gilli** <> `114F43EE0176B71C7BC219DD50A3051F888C628D` +* **Rod Vagg** <> + `DD8F2338BAE7501E3DD5AC78C273792F7D83545D` +* **Ruben Bridgewater** <> + `A48C2BEE680E841632CD4E44F07496B3EB3C1762` +* **Shelley Vohr** <> + `B9E2F5981AA6E0CD28160D9FF13993A75599653C` * **Timothy J Fontaine** <> `7937DFD2AB06298B2293C3187D33FF9D0246406D`