Re: Andrew Starr-Bochicchio: Application for Debian Maintainership

To: Andrew Starr-Bochicchio <a.starr.b@gmail.com>
Cc: debian-newmaint@lists.debian.org
Subject: Re: Andrew Starr-Bochicchio: Application for Debian Maintainership
From: Aníbal Monsalve Salazar <anibal@debian.org>
Date: Fri, 24 Sep 2010 00:02:50 +0000
Message-id: <[🔎] 20100924000250.GA2608@master.debian.org>
In-reply-to: <[🔎] 1284136601.9168.38.camel@andrew-laptop>
References: <[🔎] 1284136601.9168.38.camel@andrew-laptop>

On Fri, Sep 10, 2010 at 12:36:41PM -0400, Andrew Starr-Bochicchio wrote:
>My GnuPG key 6286FB6D is signed by the Debian Developer Steve Langasek.

Steve's key 29982E5A (which was used to sign your key 6286FB6D) is not
in the DD keyring anymore.

Note that due to weaknesses found with the SHA1 hashing algorithm Debian
wants stronger RSA keys that are at least 4096 bits and preferring SHA2.
To create one, see Creating a new GPG key[0]. Also see OpenPGP Best
Practices[1]. 

Please consider using a strong 4Kb RSA key for your DM application.

Please read the thread starting at:

http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
http://lists.debian.org/debian-devel/2010/09/msg00270.html

To migrate your WoT, you should read "HOWTO prep for migration off of
SHA-1 in OpenPGP" at [2].

[0] http://keyring.debian.org/creating-key.html
[1] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
[2] http://www.debian-administration.org/users/dkg/weblog/48

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Andrew Starr-Bochicchio: Application for Debian Maintainership
  - From: Andrew Starr-Bochicchio <a.starr.b@gmail.com>

Prev by Date: Re: Andrew Starr-Bochicchio: Application for Debian Maintainership
Next by Date: Re: Advocating Andreas B. Mundt <andi.mundt@web.de>
Previous by thread: Re: Andrew Starr-Bochicchio: Application for Debian Maintainership
Next by thread: NM Report for Week Ending 12 Sep 2010
Index(es):
- Date
- Thread