
Bug#779377: RFS: classified-ads/0.03-1 / ITP



On Thu, Apr 2, 2015 at 3:51 AM, Antti Järvinen wrote:

> I'll write about this to debian-devel-announce.

That is only for announcements :)

> But here I need advice as https://wiki.debian.org/DebianMaintainer
> says I'll need a PGP-key with at least 2k key length.
>
> The key I used at https://mentors.debian.net/my was my pgp key that I
> normally use. I don't consider it compromised, it is from year 2000
> and has 1k key len -> do I fulfill the requirement if I add
> additional longer encryption key into my current key and replace the
> key in mentors ; the key in there still has no signatures from any
> party relevant in this debian process..

OpenPGP keys of 1024 bits are considered trivially breakable by
well-funded organisations:

https://help.riseup.net/en/security/message-security/openpgp/best-practices#use-a-strong-primary-key

Please read through the OpenPGP best practices and do a transition to
a 4096-bit key:

https://help.riseup.net/security/message-security/openpgp/best-practices

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
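
The question in this thread turns on primary key length versus subkey length, which GnuPG's machine-readable listing shows separately. The following is an added example, not part of the original message: the sample listing, key IDs and the function name `weak_primary_keys` are constructed for illustration, and the 2048-bit default mirrors the "at least 2k" figure quoted above.

```shell
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Fields used: 1=record type, 3=key length in bits, 4=algorithm id, 5=key id.
SAMPLE_COLONS='pub:u:1024:17:AAAAAAAAAAAAAAAA:955000000:::u:::scESC:
uid:u::::955000000::0000::Constructed Old Key <old@example.org>:
sub:u:4096:1:BBBBBBBBBBBBBBBB:1427900000::::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1427900000:::u:::scESC:
uid:u::::1427900000::0000::Constructed New Key <new@example.org>:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1427900000::::::e:'

# Read colon-format key listings on stdin and print one line per PRIMARY key
# shorter than $1 bits (default 2048). Subkeys under a weak primary are listed
# as context only: a long subkey leaves the primary key length unchanged.
weak_primary_keys() {
    min_bits="${1:-2048}"
    awk -F: -v min="$min_bits" '
        $1 == "pub" {
            primary = $5
            # Bit length is only comparable for RSA (1-3), Elgamal (16), DSA (17);
            # ECC key sizes (e.g. 255/256) are on a different scale, so skip them.
            weak = ($4 ~ /^(1|2|3|16|17)$/ && $3 + 0 < min)
            if (weak) printf "WEAK primary %s %d bits (algo %s)\n", primary, $3, $4
        }
        $1 == "sub" && weak {
            printf "  subkey %s %d bits does not lengthen primary %s\n", $5, $3, primary
        }
    '
}

# Stand-alone run on the constructed sample. On a real keyring, pipe in:
#   gpg --list-keys --with-colons | weak_primary_keys 2048
printf '%s\n' "$SAMPLE_COLONS" | weak_primary_keys 2048
```
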

