Stress importance of checking 63fee659 signature on new signing key
With the release of version 4.0.4 of the browser bundle, the signing key was changed to 0x4E2C6E8793298290. I think it is important to stress that if a user had already established a trust chain for Erinn's key 0x416F061063FEE659, then the user should check that Erinn's key signed the new signing key.
I suggest a message should be included in a blog post quickly telling this to users and perhaps giving the quick command gpg --check-sigs 0x4E2C6E8793298290
.
Trac:
Username: martingale