On Sep 14, Michael Stone <mstone@debian.org> wrote: >> I signed my DSS key with the old RSA key and then asked people who >> signed the old key to sign the new one with their DSS key. >> This is easy and secure. >Again, no it isn't. How do they know that someone didn't steal your pgp >key? I'm using the RSA key for other things so they still have to trust it. We have not outlawed RSA keys, so debian still trusts them too. -- ciao, Marco