/assign @archlinux/teams/main-key-holders /label ~"new main key" /title New main key of # Add a new main key ## Details - Username: - PGP key ID: - Revocation Certificate Holder: ## Checks **NOTE**: The below check boxes **must be** checked before the accompanying merge request to add the new main key can be merged. ### Owner of new key - [ ] The [workflow for adding a new main key](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows/add-a-new-main-key) has been followed - [ ] The key pair has been validated according to the [best practices](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair) - [ ] The data in the [Details](#details) section is attached to this issue as a clearsigned document - [ ] The revocation certificate has been sent in an encrypted message to the revocation certificate holder - [ ] The public key has been uploaded to the `keyserver.ubuntu.com` and `keys.openpgp.org` keyservers, and the `archlinux.org` UID has been verified on the `keys.openpgp.org` keyserver. Optionally the key can also be uploaded to the `pgp.mit.edu` keyserver, but this is no longer mandatory as it's frequently flaky. - [ ] A merge request to add the new public key has been created ### Revocation Certificate Holder - [ ] The revocation certificate has been [verified as working](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/workflows/verify-a-revocation-certificate) and confirmed in a comment to this issue - [ ] The revocation certificate has been backed up on a dedicated encrypted backup storage medium ### Main key holders - [ ] The data in the [Details](#details) section is correct and signed with a valid and trusted packager key, which is already part of `archlinux-keyring`