Re: PGP keys: advice from keyring maintainers ?

On Tue, May 12, 2009 at 01:25:53AM +0200, Cyril Brulebois wrote:
> Quoting the mail fully for the added recipients. Looks like Charles was
> too shy to do so.

Thanks. I only follow -project sporadically.

> Charles Plessy <plessy@debian.org> (12/05/2009):
> > Dear all,
> > 
> > I am getting quite confused after reading the many blog announcements
> > about changing PGP keys for security reasons. Is it possible to get
> > somewhat official advice from the Project to its thousands of
> > developers? In particular, a word from the keyring maintainers would
> > be very helpful.

I'm working on something to post to d-d-a, but have had a few
disagreements in review comments I'd like to get resolved before going
ahead. I hope to have it sorted in the next few days.

I'm not panicking though. I'm more concerned about trying to rid
ourselves of the remaining PGPv3 keys (the ones in debian-keyring.pgp).
I sent out a bunch of mails recently to people who have both v3 and v4
keys asking if their v3 keys could be removed immediately without
causing them disruption, but fewer than half the recipients have replied
so far. If you're one of the ones who hasn't then please do so. Also if
you're one of the people who only has a v3 key present then I'd
definitely be thinking about getting a nice shiny new key sorted out and
well linked into the web of trust.


