On Tue, Sep 14, 2010 at 10:57:49PM +0100, Stuart Prescott wrote: >My GnuPG key 0x71C5D1A8 is signed by the Debian Developers Michael Banck >(azeem), Jo Shields (directhex) and Moray Allan (moray). Note that due to weaknesses found with the SHA1 hashing algorithm Debian wants stronger RSA keys that are at least 4096 bits and preferring SHA2 (however, 2048R keys could be accepted in special circumstances). To create one, see Creating a new GPG key[0]. Also see OpenPGP Best Practices[1]. Please consider using a strong 4Kb RSA key for your DM application. Please read the thread starting at: http://lists.debian.org/debian-devel-announce/2010/09/msg00003.html http://lists.debian.org/debian-devel/2010/09/msg00270.html To migrate your WoT, you should read "HOWTO prep for migration off of SHA-1 in OpenPGP" at [2]. [0] http://keyring.debian.org/creating-key.html [1] https://we.riseup.net/riseuplabs+paow/openpgp-best-practices [2] http://www.debian-administration.org/users/dkg/weblog/48
Attachment:
signature.asc
Description: Digital signature