Bug#779377: RFS: classified-ads/0.03-1 / ITP
On Thu, Apr 2, 2015 at 3:51 AM, Antti Järvinen wrote:
> I'll write about this to debian-devel-announce.
That is only for announcements :)
> But here I need advice as https://wiki.debian.org/DebianMaintainer
> says I'll need a PGP-key with at least 2k key length.
>
> The key I used at https://mentors.debian.net/my was my pgp key that I
> normally use. I don't consider it compromised, it is from year 2000
> and has 1k key len -> do I fulfill the requirement if I add
> additional longer encryption key into my current key and replace the
> key in mentors ; the key in there still has no signatures from any
> party relevant in this debian process..
OpenPGP keys of 1024 bits are considered trivially breakable by
well-funded organisations:
https://help.riseup.net/en/security/message-security/openpgp/best-practices#use-a-strong-primary-key
Please read through the OpenPGP best practices and do a transition to
a 4096-bit key:
https://help.riseup.net/security/message-security/openpgp/best-practices
--
bye,
pabs
https://wiki.debian.org/PaulWise
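
The case raised in this thread (an old 1024-bit key with a longer subkey added later) can be checked mechanically. The sketch below is an added example, not part of the original messages: it parses `gpg --list-keys --with-colons` output and judges each key by its primary key, since certifications and signatures on a key are bound to the primary and a stronger subkey does not change its size. The sample listing and key IDs are constructed; the 2048-bit threshold is the one quoted from the DebianMaintainer wiki page.

```python
# Added example: flag weak OpenPGP primary keys in `gpg --list-keys --with-colons` output.
MIN_BITS = 2048  # minimum quoted from the DebianMaintainer wiki page in the thread
# Algorithm IDs whose length field (field 3) is a comparable modulus size.
# ECC keys report a curve size there, so they are not judged by this check.
BITLEN_ALGOS = {"1": "RSA", "16": "Elgamal", "17": "DSA"}

# Constructed sample, not real keys: a 1024-bit DSA primary from 2000 with a
# 4096-bit RSA subkey added later, followed by a fresh 4096-bit RSA key.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAAA:956534400:::-:::scESC:
uid:-::::956534400::::Example User <user@example.org>:
sub:-:1024:16:BBBBBBBBBBBBBBBB:956534400::::::e:
sub:-:4096:1:CCCCCCCCCCCCCCCC:1427932800::::::e:
pub:-:4096:1:DDDDDDDDDDDDDDDD:1427932800:::-:::scESC:
uid:-::::1427932800::::Example User <user@example.org>:
sub:-:4096:1:EEEEEEEEEEEEEEEE:1427932800::::::e:
"""

def audit(colon_output, min_bits=MIN_BITS):
    """Return one report dict per primary key found in the colon listing."""
    reports = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if len(f) < 5 or f[0] not in ("pub", "sub") or not f[2].isdigit():
            continue
        bits, algo = int(f[2]), BITLEN_ALGOS.get(f[3])
        if f[0] == "pub":
            reports.append({
                "keyid": f[4],
                "algo": algo or "other",
                "primary_bits": bits,
                "weak_primary": algo is not None and bits < min_bits,
                "max_subkey_bits": 0,
            })
        elif reports:  # a subkey belongs to the most recent primary key
            r = reports[-1]
            r["max_subkey_bits"] = max(r["max_subkey_bits"], bits)
    return reports

if __name__ == "__main__":
    for r in audit(SAMPLE):
        status = "WEAK primary, transition to a new key" if r["weak_primary"] else "ok"
        print(f'{r["keyid"]} {r["algo"]}-{r["primary_bits"]} '
              f'(largest subkey {r["max_subkey_bits"]}): {status}')
```

To check a real keyring, pass the output of `gpg --list-keys --with-colons` to `audit()` in place of `SAMPLE`.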