Re: Where should I upload my public key?
On Thu, 26 May 2005, Nigel Jones wrote:
> On 26/05/05, Steve Langasek <vorlon@debian.org> wrote:
> > > To do uploads, you need your public GPG key signed by a Debian Developer
> > > in the Debian keyring. This means for you to be a Debian Developer
> > > yourself, having passed the NM procedure with all its tests and so on.
> >
> > Having your key signed by a DD is not a requirement; the requirement is only
> > that you be a DD. Having your key signed by a DD is a *normal* part of
> > becoming a DD, but not a *required* part.
>
> Hmmm everywhere I have read over the past few days has implied that
> "Your GPG key MUST be signed by a current DD" which actually puts me
> off ever considering to become a DD, just maintaining one or two
> 'sponsored' packages.
It is strongly advised to have your key signed by a current DD, and only
when it is not possible due to being in a region where no DDs ever show up
or something similar you can become a DD without such a signature.
If you only want to maintain one or two packages you maybe don't want to
become a DD?
> But keeping in beat with the topic, where should a person that is
> going to maintain a package submit his/her key? So far I submitted it
> to keyserver.net (I don't think the debian project relies on that one
> though).
Any keyserver from the subkeys.pgp.net network will do. We advise one of
these because we look at them first, but more important because they
behave (mainly no issues with subkeys or duplicate uids).
Cheers
Luk
Reply to: