[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GPG key change

On Wed, Feb 20, 2008 at 04:23:03PM +0100, David Paleino wrote:
> is there any procedure to follow in case one needs to revoke his GPG
> key (thus creating a new one)?
> I mean, I have some packages in Debian, which are signed by my current
> key (0x1392B174).

Packages in Debian are signed by a DD or DM key, which was valid (and in
the keyring) at the time the package was installed.  So unless you are a
DM, your packages were not signed by your key (a sponsor replaces the
signature with his own when sponsoring).

> Is it sufficient to start signing new packages with my new key?

You should get some signatures on your new key so people can trust it.
Then you can use it as usual.


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html

Attachment: signature.asc
Description: Digital signature

Reply to: