
Re: Debian preferred maintainer pgp key parameters?



Hi Bill,

Bill> I'm intending to start changing the maintainer address
Bill> on my packages to "Bill Mitchell <mitchell@master.debian.org>".
Bill> Since this will involve generating a new pgp key, I'd like to
Bill> use whatever key parameters are preferred for Debian maintainers.

No, don't do that!
Generating a new key, only for changing your e-Mail address is overkill
(I'm almost sure, there is >= 1 grammatical bug in the previous sentence).

Citing _PGP Pretty Good Privacy_, p 178ff (ISBN 1-56592-098-8):

  Changing Your user ID (-ke option):

  ...
  unix%pgp -ke
  ...
  Enter the key's user ID: you
  ...
  Enter pass phrase: xxx
  ...
  Do you want to add a new user ID (y/N)? y
  ...
  Enter the new user id: you@new.address
  ...
  Make this user ID the primary user ID for this key (y/N)? y
  ...
  Do you want to change your pass phrase (y/N)? n
  ...

If you regenerate a new key, 
i)   everybody thinks that your old one was compromised, and, even worse
ii)  the old key might not match, and -- furthermore --
iii) you might have some old keys on the key-server.

Bill> What's preferred -- 512, 768, or 1024 bits?

1024 bits.

Hope this helps,
  David

PS: CC'ing to debian-devel, since this information might be interesting
    for others too.
-- 
David Frey <david@eos.lugs.ch>

