On Fri, 11 May 2012 10:05:47 +0200, Florian Schlichting <fschlich@ZEDAT.FU-Berlin.DE> wrote:
> Hi Antoine,
>
> thanks for looking at irssi-plugin-xmpp!
>
> > This is looking good. Is there any way I can get a signed PGP key from
> > you to verify this package? At least having the key from a keyserver...
>
> please find below the gpg key that I used to upload the package to
> mentors. It is a key that I created on the fly on a VM I used for
> packaging. Since in theory, this VM is accessible to a varying group of
> other people, I consider it a "throwaway" key and never uploaded it
> to a keyserver.
>
> I have an old 1024D key, which is even signed by some DDs, and I
> recently created a 4096R key (not uploaded yet) which I intend to
> transition to, as I understand that going into newmaint requires a
> stronger key (or does it?). If you want me to re-upload
> irssi-plugin-xmpp to mentors signed with one of those keys, I'd be very
> happy to do so (provided mentors will allow me to delete and then
> re-upload the same version...)
I don't think using such throw away keys is a good practice for debian
packages. You can use the "debsign" utility to remotely sign packages
with your local key.
I would be happy to get your old and new keys, and if you can reupload
your package with that, that would be better.
Thanks!
A.
--
You Are What You Is
- Frank Zappa
Attachment:
pgpQ6PQEA2XAe.pgp
Description: PGP signature