From d8e2b007e3a66363e9f67ab576bd37845a52c815 Mon Sep 17 00:00:00 2001
From: Javen O'Neal <onealj@apache.org>
Date: Wed, 9 Nov 2016 08:57:26 +0000
Subject: KEYS file should only have public keys used to sign previous releases

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1768877 13f79535-47bb-0310-9956-ffa450edef68
---
 KEYS | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'KEYS')

diff --git a/KEYS b/KEYS
index adc245d131..5926e7c288 100644
--- a/KEYS
+++ b/KEYS
@@ -9,6 +9,14 @@ Developers:
         (gpg --list-key <your email>
              && gpg --armor --export <your email>) >> this file.
 
+Since the KEYS may be needed to check signatures for archived
+releases, it is important that all keys that have ever been used
+to sign releases are retained in the file. Entries should only
+be added, not removed.
+To keep the KEYS file manageable, it's recommended to only add
+the keys of committers who have signed releases.
+https://www.apache.org/dev/release-signing#keys-policy
+https://people.apache.org/keys/
 
 
 pub  1024D/12DAE9BE 2004-01-25 Glen Stampoultzis <glens@apache.org>
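Review bot: The new restriction ("only add the keys of committers who have signed releases") is placed after the existing export instruction under "Developers:" (`gpg --armor --export <your email>) >> this file.`), so anyone reading top to bottom meets an open invitation to append a key before reaching the limit. Consider moving the restriction above that instruction, or rewording the instruction so it is addressed to release signers. The subject line says the file "should only have" such keys while the added text says "it's recommended", so the wording should settle on one strength. The two URLs are bare lines with no lead-in, and the retention rule runs straight into the recommendation; a "See:" prefix and a blank line between the two paragraphs would make the block easier to scan. Because entries are never removed, old keys such as the 1024D entry from 2004 in the trailing context stay in the file permanently. It would help to add a sentence saying that retained keys are kept for verifying archived releases and that their presence does not mean they are suitable for signing new ones.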
-- 
cgit v1.2.3