Re: Migrating to GPG - A mini-HOWTO

To: Martin Schulze <joey@infodrom.north.de>
Cc: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Migrating to GPG - A mini-HOWTO
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Tue, 14 Sep 1999 11:10:11 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.990914110056.3403g-100000@Wakko.deltatee.com>
In-reply-to: <[🔎] 19990914082754.C15684@finlandia.infodrom.north.de>

On Tue, 14 Sep 1999, Martin Schulze wrote:

> > But we decided that we do not -want- to create a new web of trust, it is
> > too much work and totally unnecessary. The RSA patent expires in 11
> > months, it is wastefull to throw everything away now.

> I'm sorry, but that's rediculous.  You and James can't decide that.
> Each maintainer has to decide it on his own.  We can pave ways,
> people have to make their own decision and go the way on their own.

But that is exactly what you are doing with your HOWTO, you are saying
that the official thing for Debian is to have OpenPGP keys that are not
signed by older RSA keys without even mentioning that this is possible and
a good thing to do!

> If the people that signed the key are still known and also use GnuPG
> these days, they can sign the new key as well.  If not, the maintainer
> has to decide what to do.  It's good to have the option to continue
> with the old key, though.

I hope you are not saying that people should sign your new key based on
the fact that they signed your old key - that is an entirely bad idea.

Jason

Reply to:

Follow-Ups:
- Re: Migrating to GPG - A mini-HOWTO
  - From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
- Re: Migrating to GPG - A mini-HOWTO
  - From: Michael Meskes <meskes@debian.org>

References:
- Re: Migrating to GPG - A mini-HOWTO
  - From: Martin Schulze <joey@finlandia.Infodrom.North.DE>

Prev by Date: New ML: debian-events
Next by Date: Re: Migrating to GPG - A mini-HOWTO
Previous by thread: Re: Migrating to GPG - A mini-HOWTO
Next by thread: Re: Migrating to GPG - A mini-HOWTO
Index(es):
- Date
- Thread