[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Andrew Starr-Bochicchio: Application for Debian Maintainership

On Fri, Sep 10, 2010 at 12:36:41PM -0400, Andrew Starr-Bochicchio wrote:
>My GnuPG key 6286FB6D is signed by the Debian Developer Steve Langasek.

Steve's key 29982E5A (which was used to sign your key 6286FB6D) is not
in the DD keyring anymore.

Note that due to weaknesses found with the SHA1 hashing algorithm Debian
wants stronger RSA keys that are at least 4096 bits and preferring SHA2.
To create one, see Creating a new GPG key[0]. Also see OpenPGP Best

Please consider using a strong 4Kb RSA key for your DM application.

Please read the thread starting at:


To migrate your WoT, you should read "HOWTO prep for migration off of
SHA-1 in OpenPGP" at [2].

[0] http://keyring.debian.org/creating-key.html
[1] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
[2] http://www.debian-administration.org/users/dkg/weblog/48

Attachment: signature.asc
Description: Digital signature

Reply to: