
Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file


On 27.12.2013 00:18, Nick Kew wrote:
> What is Debian's view on the relative importance of key size vs breadth
> and depth of the WoT surrounding a key?  I would tend to find an ancient
> 1024-bit key with 100 strong-set sigs much more reassuring than a shiny
> new 4096-bit with just 1 (let alone any number of non-strong-set keys)!

Debian /requires/ new developers to obtain a key of at least 2048R
and urges existing developers to migrate to stronger keys, while aiming to
keep a solid WoT. Formal and informal keysigning parties at DebConfs and
resigning requests are common practice for transitioning to stronger keys.

Full details are covered in [1][2]. Debian's best practices for a key
migration are documented in [3].

[1] http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
[2] http://keyring.debian.org/creating-key.html
[3] http://keyring.debian.org/replacing_keys.html

with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D
