On Mon, Aug 11, 2003 at 06:47:24PM +0200, Marc Haber wrote:
> On Mon, 11 Aug 2003 08:01:13 -0500, Steve Langasek
> <vorlon@netexpress.net> wrote:
> >"I think there are people in the world that are capable of compromising
> >my key" is not a good reason to remove your old key from the keyring;
> >and "my key has been compromised because of the way I managed it while
> >working for Foo, Inc." is not a good reason to allow you to upload a new
> >key to the ring (why should the keymaster think you won't handle your
> >new key the same way?).

> Because people learn.

> But if you think the keymaster cannot be bothered, I'll keep the old
> and b0rken key around to make you happy. I don't like the idea, but if
> this is what the project wants, so be it.

> > I think this is part of why it's so hard to get
> >a new key into the keyring: there are very few reasons for wanting to
> >replace a key that don't reflect poorly on the maintainer.

> Well, you're surely perfect. I am not. I make mistakes. I sometimes
> use default values and learn a few years later that this was not the
> wisest of moves, but of course, that reflects poorly on me. I think
> I'll have to live with that.

The point was that, if you're asking to replace a key in the keyring
because of problems with the way you managed it previously, it would be
a good idea to present an explanation to the keymaster. The keymaster's
job is not to facilitate arbitrary key changes; it's to protect the
keyring from being compromised, while ensuring that trusted keys can be
used to upload packages into the archive. This suggests that *not*
accepting key replacements without a pretty strong reason is a sensible
policy to follow, and that you're more likely to have things go your way
if you give the keymaster a reason to believe your request is worth
paying attention to.

In contrast, "finding my brand new GPG key policy on the WWW is left as
an exercise to the reader" doesn't seem to me like an effective use of
the keymaster's time.

-- 
Steve Langasek
postmodern programmer