Re: Intent to become a Debian Maintainer (DM)

Hi Daniel

On Mon, May 11, 2009 at 01:24:47AM -0400, Daniel Kahn Gillmor wrote:
> On 05/10/2009 10:42 PM, Paul Wise wrote:
> > On Sun, May 10, 2009 at 6:27 PM, Salvatore Bonaccorso
> > <salvatore.bonaccorso@gmail.com> wrote:
> > 
> >> My GnuPG key 518DA394 is signed by the Debian Developers:
> > 
> > 0x518DA394 is a 1024-bit DSA key, you might want to switch to a new key:
> > 
> > http://www.debian-administration.org/users/dkg/weblog/48
> As the author of this blog post (and as a DM, and as someone currently
> in NM), i'd certainly be happy if new DMs (and those in process) would
> consider it.  It'll put us all in a better position should SHA-1 become
> more severely compromised.
> But it shouldn't be any sort of binding requirement unless we're willing
> to go through the usual policy procedure, so that reasonable people have
> a chance to discuss the requirements.  We haven't seen anything like a
> specific, demonstrated attack against our infrastructure, and rushing
> into a requirement without discussion seems just as likely to end up
> with poor requirements as it does more robust infrastructure.
> Since the DM process has a mandatory 1-year renewal period (the "DM
> ping"), any change in policy could take effect in a relatively short
> time anyway.
> So Salvatore, please consider the recommendations, but also feel free to
> continue on the DM process (i believe you still need an advocate) with
> the key you have (since it's already signed by two DDs), and consider
> having a new key available before you get the chance to meet up with any
> other DDs, so that you can have a stronger key in the DM keyring when
> you get a chance.

I really appreciate your detailed explanation and your view on that.
I would anyway try to get signatures again from Adrian von Bidder and Daniel
Lutz on a new key, since they are both in the same country.

Yes, you are correct, I still need an advocate for my application.

Many thanks and kind regards
