
Re: Reminder: Removing < 2048 bit keys from the Debian keyrings



On Sat, November 8, 2014 17:09, Jonathan McDowell wrote:
> We had hoped to be down to a small number of special cases to deal with
> by this point, but with the numbers still looking this bad we're not
> yet at a stage where we can work out appropriate next steps for those
> special cases.

In the list you post, I see lots of names of people I know to be inactive
for years now. Removing all those keys from the ring would therefore maybe
not be such a disaster, because the majority is no longer regularly
contributing to Debian.

To make this a bit more concrete, I've matched the uids against echelon,
and this is the outcome:

    160 2014
     42 2013
     54 2012
     31 2011
     24 2010
     31 2009
     21 2008
     17 2007
      7 2006
      5 2005
      2 2004
      1 2003
      1 2002

So 160 keys were used this year, which is cause for concern if they are
removed. However, it means 236 keys have not seen use in 2014 yet. And of
those 160 keys have been used most recently in 2011; of those we can be
rather certain that removing their key from the ring actually confirms the
status quo rather than disrupt it.

It therefore makes sense not to focus on the number of 436, but on the
ones that have actually been used in 2014; get that first number of 160
closer to 0.


Cheers,
Thijs

