On Wed, Feb 20, 2008 at 04:23:03PM +0100, David Paleino wrote: > is there any procedure to follow in case one needs to revoke his GPG > key (thus creating a new one)? > > I mean, I have some packages in Debian, which are signed by my current > key (0x1392B174). Packages in Debian are signed by a DD or DM key, which was valid (and in the keyring) at the time the package was installed. So unless you are a DM, your packages were not signed by your key (a sponsor replaces the signature with his own when sponsoring). > Is it sufficient to start signing new packages with my new key? You should get some signatures on your new key so people can trust it. Then you can use it as usual. Thanks, Bas -- I encourage people to send encrypted e-mail (see http://www.gnupg.org). If you have problems reading my e-mail, use a better reader. Please send the central message of e-mails as plain text in the message body, not as HTML and definitely not as MS Word. Please do not use the MS Word format for attachments either. For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
Attachment:
signature.asc
Description: Digital signature