> Signing the new key with your old key (86fdc7e2a11262cb), What is the purpose? Who validates such signatures? Which tools validate such signatures? What if the access to the old key was lost? What if the old key was compromised? In that case, signing anything with it would make no sense.
We'd better move towards Sigstore rather than invent new processes with PGP. Vladimir