I do my best to keep my email address private. Unfortunately, Git requires that all users provide their email address. As such, I’ve used a GitHub-provided email address that ignores all emails sent to it. Up until now, it was email@example.com. As of today, I have upgraded the email address to firstname.lastname@example.org.
When I changed the address, GitHub removed the old one from my account and then unverified all my past commits (stating “The email in this signature doesn’t match the committer email”). GitHub still identifies the commit as mine, and provides the same PGP key; it just doesn’t recognize the email address as verified.
In case anyone cares, I declare that all Git commits prior to January 2, 2019, which are linked to JBYoshi on GitHub and signed using the PGP key with the fingerprint
E726 40D0 9D0C A9EE A098 79C5 468C 8081 1BCC 9A6A (abbreviated
468C80811BCC9A6A) shall be considered as valid as those created on and after January 2, 2019 which otherwise meet those requirements. As proof, I have signed the commit originally creating this message with my new email and updated PGP key, and GitHub now shows it as verified.
My updated PGP key can be downloaded from the SKS key pool in the same way as my original PGP key once the update propagates. The fingerprint and key ID will be identical. If both email addresses show up in the search results, you should be good to go. As of the time of writing, the update is available on agora.cenditel.gob.ve:11371, and will make its way to the rest of the servers during the day.