Gunnar Hjalmarsson dijo [Sun, Jan 10, 2021 at 01:10:34AM +0100]: > > > > I have known Gunnar for years under the key > > > > > > > > 0CFE 997B 7245 80A7 FA72 F8CF F0B1 10E7 5A69 2F32 > > > > > > I'm afraid Gunnar didn't take the habit of signing his mail and side > > > work, only his uploads of packages on Ubuntu repos. We'll have to > > > see if Keyring Maintainers would be okay with you endorsing his new > > > key relying on signed work he did in unbutu with his older one. > > > > > > Not sure of their answer. > > > > In general I'm not a fan of key changes as part of AM processes; it is > > much better to continue with an established key if there is no pressing > > reason to change. A well known 2048R key trumps a new 4096R with no > > cross signatures. > > Thanks for that clarification, Jonathan! I created the new key solely > because I thought it would strengthen my case with respect to endorsing. And > now you say that the opposite is true. > > Needless to say I can switch back to my old key and attach that one to my > application instead. If that's what you recommend, can you please confirm > and I'll accomplish the switch. Yes, I also suggest you go back and complete the process with your present key. Parallelly, build trust on your 4096R key (or a EC one, or whatnot). And when your new key has been around and carrries enough recognition, request the update, we (keyring-maint) will be happy to do it. Please understand key endoresements are a very new and not fully proven and understood method to cope with a series of changes both in the technical and the social infrastructure we live with. We have yet to learn how to properly juggle with them. > @Pierre-Elliott: That sounds as a 'door opener' to me and it would eliminate > at least one of the reasons for your doubts, wouldn't it? I certainly hope so!
Attachment:
signature.asc
Description: PGP signature