[arch-dev-public] IMPORTANT: New procedures regarding PGP key signatures
In order to organize the keyring management better, we will now follow new procedures for managing signatures:

ADDING A NEW KEY:

Whenever a new developer or TU joins the team, the developer responsible for adding him/her or the TU sponsor (whatever is appropriate) has to open a new task with the "New Key" type in the "Keyring" project on the bug tracker. In that task, the following must be listed:

1) Bug tracker user name of the new dev/TU
2) PGP fingerprint
3) Any links to relevant discussion threads or similar

In addition, the information 1) and 2) must be written into a plain-text file, signed with gpg --sign (using a valid packager key) and attached to the bug report.

A master key holder can then add the new user to the "Members" group of the "Keyring" project, so he/she can comment and provide additional information (you should all be members of that group and thus be able to see the Keyring project, if anyone isn't, please tell me).

REMOVAL OF A KEY:

Whenever a TU resigns or a developer leaves the team (or is forcefully removed from the team), a task with the "Key Removal" type must be opened in the "Keyring" project to schedule revocation of the key and necessary rebuilds. A master key holder should remove the user from the "Members" group.

OTHERS:

Any other issues regarding key signatures should be stated in a task with the "Other" type in the "Keyring" project.
Thomas Bächler
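
A check that a master key holder might run on the signed attachment, as an added example that is not part of the original post: it reads gpg's status output, requires a good signature whose primary key is on a list of packager fingerprints, and normalises the fingerprint named in the request. The two-line request layout, the file names and all sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: vet a signed "New Key" request before acting on it.
# Assumed, not from the post: the request layout, file names, sample values.
# Real input would come from something like:
#   gpg --status-fd 3 --output request.txt --decrypt request.txt.gpg 3>status.txt

# Primary-key fingerprint of the signer from gpg status lines on stdin.
# Needs GOODSIG and VALIDSIG; BADSIG, EXPKEYSIG or REVKEYSIG alone give nothing.
signer_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "GOODSIG"  { good = 1 }
         $1 == "[GNUPG:]" && $2 == "VALIDSIG" { fpr = $NF }
         END { if (good && fpr != "") print fpr }'
}

# Fingerprint named in the request text on stdin, normalised to 40 upper-case
# hex digits. Prints nothing when it is missing or malformed.
request_fpr() {
    awk -F': *' 'tolower($1) == "fingerprint" { print $2; exit }' |
        tr -d ' \t\r' | tr 'a-f' 'A-F' | grep -Ex '[0-9A-F]{40}'
}

# $1 status text, $2 request text, $3 file of allowed packager fingerprints.
check_request() {
    local signer new
    signer=$(printf '%s\n' "$1" | signer_fpr)
    new=$(printf '%s\n' "$2" | request_fpr) || true
    [ -n "$signer" ] || { echo "reject: no good signature"; return 1; }
    grep -qxF "$signer" "$3" || { echo "reject: signer is not a packager key"; return 1; }
    [ -n "$new" ] || { echo "reject: malformed fingerprint in request"; return 1; }
    echo "accept: signer=$signer new=$new"
}

# Constructed sample data (not real keys).
PRIMARY=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
SUBKEY=9999888877776666555544443333222211110000
STATUS_OK="[GNUPG:] GOODSIG 3333222211110000 Constructed Packager <packager@example.org>
[GNUPG:] VALIDSIG $SUBKEY 2012-01-01 1325376000 0 4 0 1 8 00 $PRIMARY"
STATUS_BAD="[GNUPG:] BADSIG 3333222211110000 Constructed Packager <packager@example.org>"
REQUEST="username: newdev
fingerprint: 0123 4567 89ab cdef 0123 4567 89AB CDEF 0123 4567"

ALLOWED=$(mktemp)
echo "$PRIMARY" > "$ALLOWED"
check_request "$STATUS_OK" "$REQUEST" "$ALLOWED"
check_request "$STATUS_BAD" "$REQUEST" "$ALLOWED" || true
```

The signer is matched on the primary-key fingerprint (the last VALIDSIG field), so a signature made with a signing subkey still maps to the packager key on the list.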