Re: Moving to stronger keys than 1024D
Paul Wise <pabs@debian.org> writes:
> There are more people using 1024-bit keys than >= 2048-bit keys (in
> debian-keyring.gpg), many of these are active developers, some not so
> active. It would be a major human resources issue for Debian to disable
> all of those keys but I guess it is the only way to get people to
> migrate to stronger keys.
> 654 pub 1024D
> 1 pub 1024R
> 27 pub 2048R
> 2 pub 3072R
> 306 pub 4096R
> 2 pub 8192R
> 1 pub 10240R
I suspect that some of the problem is people feeling like they need to go
through an in-person key signing to get their new key certified, which can
be quite awkward depending on where one lives and how much day-to-day
contact one has with other DDs. Perhaps we should make more public the
idea that a key transition document signed with both keys and posted
publicly is probably sufficient to warrant signing the new key if one has
signed the old key? (Assuming that's actually true.)
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
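
Added example, not part of the original message or of any Debian tooling: a tally like the quoted one can be reproduced from GnuPG's machine-readable listing (`gpg --with-colons --list-keys`), which also lets the sub-threshold keys be listed by key ID. The sample listing is constructed, and the 2048-bit threshold and function names are assumptions made for this example.

```python
from collections import Counter

# OpenPGP public-key algorithm IDs (RFC 4880) mapped to the letters used in
# GnuPG's classic listing, e.g. "1024D" (DSA) and "4096R" (RSA).
ALGO_LETTER = {"1": "R", "16": "g", "17": "D"}
MIN_BITS = 2048  # assumed policy threshold for this example

# Constructed sample of `gpg --with-colons --list-keys` output.
SAMPLE = """\
pub:-:1024:17:AAAAAAAAAAAAAAA1:1041379200:::-:::scESC:
uid:-::::1041379200::0000::Constructed User One <one@example.org>:
sub:-:2048:16:AAAAAAAAAAAAAAA2:1041379200::::::e:
pub:-:4096:1:BBBBBBBBBBBBBBB1:1262304000:::-:::scESC:
pub:-:1024:1:CCCCCCCCCCCCCCC1:1041379200:::-:::scESC:
pub:-:1024:17:DDDDDDDDDDDDDDD1:1041379200:::-:::scESC:
pub:-:256:22:EEEEEEEEEEEEEEE1:1500000000:::-:::scESC:
"""


def primary_keys(colon_listing):
    """Yield (keyid, bits, algo_id, label) for each primary key record."""
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # Field 1 is the record type; "sub" and "uid" records are skipped.
        if len(fields) < 5 or fields[0] != "pub":
            continue
        bits, algo, keyid = int(fields[2]), fields[3], fields[4]
        label = f"{bits}{ALGO_LETTER.get(algo, '?' + algo)}"
        yield keyid, bits, algo, label


def tally(colon_listing):
    """Count primary keys per size/algorithm label, as in the quoted table."""
    return Counter(label for _, _, _, label in primary_keys(colon_listing))


def weak_keys(colon_listing, min_bits=MIN_BITS):
    """List (keyid, label) for RSA/DSA/Elgamal primaries below min_bits."""
    # Elliptic-curve keys report small sizes (e.g. 256) that are not
    # comparable to RSA/DSA sizes, so unknown algorithms are not judged.
    return [(keyid, label)
            for keyid, bits, algo, label in primary_keys(colon_listing)
            if algo in ALGO_LETTER and bits < min_bits]


if __name__ == "__main__":
    for label, count in sorted(tally(SAMPLE).items()):
        print(f"{count:5d} pub {label}")
    print("below threshold:", weak_keys(SAMPLE))
```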