
Re: Removing < 2048 bit keys from the Debian keyrings



peter green said [Sun, Aug 31, 2014 at 01:27:11PM +0100]:
> Jonathan McDowell wrote:
> >I would ask that DDs make some effort to help
> >those with weak keys get their new, stronger keys signed. Please sign
> >responsibly[4],
> If you have signed someone's old key, is it considered "responsible"
> to sign their new key based on a transition statement signed by the
> old key? Or is a new face-to-face meeting required? I've seen plenty
> of (sometimes conflicting) advice on signing keys of a person you
> have never signed keys for before but not much on the transition
> situation. (note: this is a general question to consider, I'm not
> personally in a position where it would apply)

As you saw through others' answers to your question, it varies a
lot. I personally also don't sign based on transition documents, but
would do so in case the requester *really* needed it. Now, I know that
if at some point my key were to be compromised, I'd also be in a
"needy" situation (as I'm currently the only DD in a ~1000 km radius),
and would have to find a way out.

I have found several people who would sign based on transition
documents, and it's also OK. It's completely a personal issue,
although it does impact us all as a project. Yes, at some point we
will need to make our rules a *little* bit more flexible, but I'd
prefer that flexibility to be made on specific accounts' behalf
(i.e. either by DAM or by keyring-maint, and based on specific checks
such as a phone verification) rather than suggesting to everybody to relax.
