Thomas Goirand dijo [Tue, Mar 04, 2014 at 11:49:48AM +0800]: > I salute this effort! :) Yay! :) > On 03/04/2014 02:13 AM, Gunnar Wolf wrote: > > As keyring maintainers, we no longer consider 1024D keys to be > > trustable. We are not yet mass-removing them, because we don't want to > > hamper the project's work, but we definitively will start being more > > aggressively deprecating their use. > > What does this mean? Is there a schedule in place? > Also, how many 1024D keys are still in the keyring? Well, following Clint's post¹ (which I mentioned in my post), we were at 611 DSA (1024D) vs. 383 RSA (2048R and higher). With 18 DD keys mentioned in the post (plus two since then, yay! :) ), we should stand at 591 vs. 403 (minus some statistical noise - IIRC only one DM became a DD in this same period). About a schedule: No, we do not currently have it. We should work on getting a plan for this. Now, it is not an easy task to get done, and as we might effectively end up locking out many DDs, I'm thinking (and I have not yet talked this over in the team, but we should discuss it) we should get formal support from the project in the form of a GR or something like that... Of course, that after sketching a real plan with stages and dates. ¹ https://lists.debian.org/debian-project/2014/02/msg00119.html
Attachment:
signature.asc
Description: Digital signature