[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Migrating to GPG - A mini-HOWTO

On Tue, 14 Sep 1999, Martin Schulze wrote:

> > But we decided that we do not -want- to create a new web of trust, it is
> > too much work and totally unnecessary. The RSA patent expires in 11
> > months, it is wastefull to throw everything away now.
> I'm sorry, but that's rediculous.  You and James can't decide that.
> Each maintainer has to decide it on his own.  We can pave ways,
> people have to make their own decision and go the way on their own.

But that is exactly what you are doing with your HOWTO, you are saying
that the official thing for Debian is to have OpenPGP keys that are not
signed by older RSA keys without even mentioning that this is possible and
a good thing to do!
> If the people that signed the key are still known and also use GnuPG
> these days, they can sign the new key as well.  If not, the maintainer
> has to decide what to do.  It's good to have the option to continue
> with the old key, though.

I hope you are not saying that people should sign your new key based on
the fact that they signed your old key - that is an entirely bad idea.


Reply to: