David D.W. Downey writes: > OK folks, I know I'm going to take a serious flamage on this one, but I > hve to publicly declare a revocation for GnuPG Key #0x42D8F306 due to a > extremely bad coding error on my part which completely wiped out the box, > including my ghost image copy of the debian partition. You *CANNOT* revoke a key by sending an email. You can only revoke it by sending a signed revocation certificate to the keyserver, and trying to do otherwise just weakens the PGP infrastructure (either directly by people accepting the revocation or indirectly by people starting to believe that it's an 'ok thing to do'). What you *CAN* do is email a notification that the key in question was lost. It's not revoked - it just sits in never-never land perpetually. So, what with this happening to two (three?) developers in pretty quick succession, I think we should add something to the NM process to ensure that all future developers *HAVE A REVOCATION KEY AVAILABLE*? It wouldn't be such a bad idea for everyone who's read this far to take the five minutes it requires to double-check that they have one themselves... Dave </rant> -- - Dave Baker : dave@dsb3.com : dave@devbrain.com : http://dsb3.com/ - GnuPG: 1024D/D7BCA55D / 09CD D148 57DE 711E 6708 B772 0DD4 51D5 D7BC A55D
Attachment:
pgpghcgbvM9f2.pgp
Description: PGP signature