[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hoping to become a developer soon. Looking for sponsor

On Sat, Dec 14, 2002 at 08:04:12PM -0700, Patrick Klee wrote:
>     I am Patrick Klee.  I have done everything on the checklist for
> becoming a Debian developer.  I need my key signed and a sponsor, and
> I think I am ready, so who do I ask?  I have a key made that is 768
> bytes and never expires.  I also, live in Wichita, Kansas.  Hopefully
> my friend Jon Hall is on this list, because I have been pressuring him
> to sign my key cause he lives in my area.  :D

You should make stronger key, 1024 bit DSA at least. Loot at Debian
Developer's Reference, 2.2 Registering as a Debian developer:

  The recommended public key algorithm for use in Debian development
  work is the DSA (sometimes call ``DSS'' or ``DH/ElGamal''). Other key
  types may be used however. Your key length must be at least 1024 bits;
  there is no reason to use a smaller key, and doing so would be much
  less secure. Your key must be signed with at least your own user ID;
  this prevents user ID tampering. gpg does this automatically.

I think that making keys that never expire is insecure too. In five
years from know, when you will get hacked once or twice and grow more
paraniod about security, you may regret having your old, weak, unexpired
key wandering somewhere and probably deceiving some people to believe
that it provides a safe way to exchange data with you.

Dmitry Borodaenko

Reply to: