Re: Having more than one key in the Debian keyring

To: debian-devel@lists.debian.org
Subject: Re: Having more than one key in the Debian keyring
From: Marc Haber <mh+debian-devel@zugschlus.de>
Date: Mon, 11 Aug 2003 18:47:24 +0200
Message-id: <[🔎] E19mFpN-0007BB-MM@torres.ka0.zugschlus.de>
In-reply-to: <[🔎] 20030811130111.GA1104@quetzlcoatl.dodds.net>
References: <[🔎] E19l4Ne-0007dr-5F@torres.ka0.zugschlus.de> <[🔎] 20030808191158.GD30640@imladris.debian.net> <[🔎] E19lEBE-0000T9-H6@torres.ka0.zugschlus.de> <[🔎] 20030811130111.GA1104@quetzlcoatl.dodds.net>

On Mon, 11 Aug 2003 08:01:13 -0500, Steve Langasek
<vorlon@netexpress.net> wrote:
>"I think there are people in the world that are capable of compromising
>my key" is not a good reason to remove your old key from the keyring;
>and "my key has been compromised because of the way I managed it while
>working for Foo, Inc." is not a good reason to allow you to upload a new
>key to the ring (why should the keymaster think you won't handle your
>new key the same way?).

Because people learn.

But if you think the keymaster cannot be bothered, I'll keep the old
and b0rken key around to make you happy. I don't like the idea, but if
this is what the project wants, so be it.

>  I think this is part of why it's so hard to get
>a new key into the keyring: there are very few reasons for wanting to
>replace a key that don't reflect poorly on the maintainer.

Well, you're surely perfect. I am not. I make mistakes. I sometimes
use default values and learn a few years later that this was not the
wisest of moves, but of course, that reflects poorly on me. I think
I'll have to live with that.

>Of
>course, if you didn't /create/ a subkey for your work-related use, we
>come back to the question of the fitness of past and future methods of
>personal key management.

Will you please point a mere human to an URL where you have laid out
methods of key management that live to your expectations?

>Were I the keymaster (and I'm not), I would expect anyone asking to
>replace their key in the keyring to provide a very detailed explanation
>of why this is necessary, as well as providing concrete assurances that
>this will not be necessary in the future (i.e., explaining what steps
>you've taken to prevent future problems).

Finding my brand new GPG key policy on the WWW is left as an exercise
to the reader.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29

Reply to:

Follow-Ups:
- Re: Having more than one key in the Debian keyring
  - From: Steve Langasek <vorlon@netexpress.net>

References:
- Having more than one key in the Debian keyring
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Having more than one key in the Debian keyring
  - From: Kyle McMartin <kyle@gondolin.debian.net>
- Re: Having more than one key in the Debian keyring
  - From: Marc Haber <mh+debian-devel@zugschlus.de>
- Re: Having more than one key in the Debian keyring
  - From: Steve Langasek <vorlon@netexpress.net>

Prev by Date: Re: correct perms for logcheck config files?
Next by Date: Re: kernel-headers as Build-Depends
Previous by thread: Re: Having more than one key in the Debian keyring
Next by thread: Re: Having more than one key in the Debian keyring
Index(es):
- Date
- Thread