On Mon, Mar 03, 2014 at 10:28:41PM -0600, Gunnar Wolf wrote: > Thomas Goirand dijo [Tue, Mar 04, 2014 at 11:49:48AM +0800]: > > On 03/04/2014 02:13 AM, Gunnar Wolf wrote: > > > As keyring maintainers, we no longer consider 1024D keys to be trustable. > > > We are not yet mass-removing them, because we don't want to hamper the > > > project's work, but we definitively will start being more aggressively > > > deprecating their use. > > > > What does this mean? Is there a schedule in place? Also, how many 1024D > > keys are still in the keyring? > > Well, following Clint's post¹ (which I mentioned in my post), we were at 611 > DSA (1024D) vs. 383 RSA (2048R and higher). With 18 DD keys mentioned in the > post (plus two since then, yay! :) ), we should stand at 591 vs. 403 (minus > some statistical noise - IIRC only one DM became a DD in this same period). > > About a schedule: No, we do not currently have it. We should work on getting > a plan for this. I propose 2014-SEP-01. Gives people six months to get this done. Even *I* can get it done in that amount of time. I've already emailed my fellow Vancouver Debian Developers in the hopes of coordinating a revolution^Wkeysigning [1]. > Now, it is not an easy task to get done, and as we might effectively end up > locking out many DDs, I'm thinking (and I have not yet talked this over in > the team, but we should discuss it) we should get formal support from the > project in the form of a GR or something like that... Of course, that after > sketching a real plan with stages and dates. I don't think a GR is required. Keyring Maintainer is a role within the Project with Delegated Powers. Just Do It® [2], I say. [1] This is _Vancouver_ after all. [2] Nike, don't sue me. -- Luca Filipozzi http://www.crowdrise.com/SupportDebian
Attachment:
signature.asc
Description: Digital signature