Tony Houghton writes: > I'm a sponsored maintainer (of roxterm) and I've just approached a local > DD to have my key signed. He pointed out that SHA1-generated keys are > deprecated so I should probably generate a new, more secure, key. As my > old key is already presumably "in the system" due to existing versions > of roxterm, how should I go about replacing it with a new one? Hi, There is nothing to replace. Your source package always gets rebuilt by your sponsors and signed by their own gpg key, i.e. they are responsible for the upload in the same way they are responsible for their own packages uploads. You can check that out with 'who-uploads source_package_name'. -- pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>
Attachment:
signature.asc
Description: This is a digitally signed message part.