[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian GPG Key maintainence?

On Mon, Jan 06, 2003 at 07:56:31PM +0000, Steve Kemp wrote:

>   Recently I became a member of the Debian project, with
>  a particular email address - one that I've been exclusively
>  using since around 1996.

>   Due to a variety of circumstances I've now stopped using
>  that - although I can still read the mail delivered there.

>   What's the best way to start using the new address with
>  my Debian duties?  Presumably I should create a new key
>  and sign it with the old one.

>   If that's uploaded to keyservers is that sufficient, or
>  do I need my keyring entry updated?  Something that seems
>  to take "a while".

>   I looked on db.debian.org, which I thought would be the
>  obvious place to do this automagically - but no joy.

>   (To complicate matters I've subscribed to debian devel
>  with an email address specific to this mailing list, but
>  that could be changed without too much effort).

You should create a new email uid on the *same* key, using the 'adduid'
command from within the 'gpg --edit-key' interface.  If you no longer
want the old address to be considered valid, you should also revoke the
old uid ('revsig').  Then upload this key to the keyserver, and change
your mail forwarding at db.debian.org.  Your key should still have an
@debian.org uid on it, however, so even if it takes a while for your
update to be included in the keyring, you'll still be able to upload
packages using a debian.org uid.

Do *not* attempt to upload a new PGP key to the keyserver, as this
weakens the Web of Trust.

Steve Langasek
postmodern programmer

Attachment: pgpfNDleGwZAd.pgp
Description: PGP signature

Reply to: