Re: Debian GPG Key maintenance?

On Mon, Jan 06, 2003 at 07:56:31PM +0000, Steve Kemp wrote:

>   Recently I became a member of the Debian project, with
>  a particular email address - one that I've been exclusively
>  using since around 1996.

>   Due to a variety of circumstances I've now stopped using
>  that - although I can still read the mail delivered there.

>   What's the best way to start using the new address with
>  my Debian duties?  Presumably I should create a new key
>  and sign it with the old one.

>   If that's uploaded to keyservers is that sufficient, or
>  do I need my keyring entry updated?  Something that seems
>  to take "a while".

>   I looked on db.debian.org, which I thought would be the
>  obvious place to do this automagically - but no joy.

>   (To complicate matters I've subscribed to debian devel
>  with an email address specific to this mailing list, but
>  that could be changed without too much effort).

You should create a new email uid on the *same* key, using the 'adduid'
command from within the 'gpg --edit-key' interface.  If you no longer
want the old address to be considered valid, you should also revoke the
old uid ('revsig').  Then upload this key to the keyserver, and change
your mail forwarding at db.debian.org.  Your key should still have an
@debian.org uid on it, however, so even if it takes a while for your
update to be included in the keyring, you'll still be able to upload
packages using a debian.org uid.

Do *not* attempt to upload a new PGP key to the keyserver, as this
weakens the Web of Trust.

Steve Langasek
postmodern programmer
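
The approach in the reply above, adding the new address as a uid on the same key, shown as an added example that is not part of the original message. It assumes GnuPG 2.1.17 or later and uses the non-interactive `--quick-add-uid` and `--quick-revoke-uid` commands in place of the interactive `--edit-key` session; the identities, the throwaway keyring and the helper names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Uses a throwaway keyring; nothing is sent to a keyserver.
# The identities below are constructed placeholders.
OLD_UID='Example Developer <old@example.org>'
NEW_UID='Example Developer <new@example.org>'

# Unattended gpg call against the demo keyring (empty passphrase).
g() {
    gpg --homedir "$DEMO_HOME" --batch --quiet \
        --pinentry-mode loopback --passphrase '' "$@"
}

# Primary-key fingerprint of the key matching $1.
fingerprint() {
    g --with-colons --fingerprint "$1" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Validity flag of user ID $2 on key $1 ("r" means revoked).
uid_state() {
    g --with-colons --list-keys "$1" |
        awk -F: -v want="$2" '$1 == "uid" && $10 == want { print $2 }'
}

# Sets FPR_BEFORE, FPR_AFTER and OLD_STATE for inspection.
demo() {
    DEMO_HOME=$(mktemp -d) || return 1
    g --quick-generate-key "$OLD_UID" default default never || return 1
    FPR_BEFORE=$(fingerprint "$OLD_UID")

    # Same key, new address: the equivalent of 'adduid' in --edit-key.
    g --quick-add-uid "$FPR_BEFORE" "$NEW_UID" || return 1
    # Retire the old address on that same key.
    g --quick-revoke-uid "$FPR_BEFORE" "$OLD_UID" || return 1

    # Look the key up by the new address and compare fingerprints.
    FPR_AFTER=$(fingerprint "$NEW_UID")
    OLD_STATE=$(uid_state "$FPR_AFTER" "$OLD_UID")

    gpgconf --homedir "$DEMO_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$DEMO_HOME"
    echo "before=$FPR_BEFORE after=$FPR_AFTER old-uid=$OLD_STATE"
}

# Run the demonstration with: sh thisfile.sh run
case "${1:-}" in run) demo ;; esac
```

The fingerprint is identical before and after, so signatures others have made on the key still refer to the same key, while the old address shows as revoked.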

