Boris Pek dijo [Wed, Jan 11, 2012 at 10:02:28AM +0200]: > > I have read all related documentation before send the message. > > Procedure [4] affects only DD. But I am not even DM now. > > And it seems like the key of a sponsored maintainer does not matter and it can > > be changed in any moment. Because only one important thing in upload to the main > > repo is the sign of sponsor (DD) which is checked by bot. > > Correct me if I am wrong. > > > > That's why I asked the question. > > In other words. > Should I sign my new key by old one or make any other action? > Or can I just use new key as it is? < keyring-maint hat on > Sorry for the delay, as I should have answered to your question earlier on. Yes, if you want to get closer to Debian (that is, be able to do any uploads by yourself), you _do_ need to move to a 4096R key. But, as to this specific question: If you are not interested in becoming DM or DD, nobody will object - If I were to be your sponsor, I could do everything without you even having a GPG key. A sponsor must not blindly build and upload, but check everything as if it were his own package. (Of course, once you have a working relation with a DD/DM that sponsors you, _and_ you use a GPG key regardless of its strength, said DD/DM will start trusting your work) But anyway - Create a new key. Try to get it signed. Even if the old one has many signatures, start getting people (specially those better connected) to sign the new one. *Do* sign the new key with the old one, to ensure people who already know you it is still you doing this.
Attachment:
signature.asc
Description: Digital signature