[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

Kurt Roeckx dijo [Sun, Feb 23, 2014 at 01:51:32AM +0100]:
> > I'd like to ask the project as a whole for input on how we should push
> > towards this migration. I guess that most of the socially-connected
> > Debian Developers already have 4096R keys. How can we reach those who
> > don't? How can we incentivate them to change?
> I've looked at the debconf 2013 keysigning list.  13 people in it
> had a 1024 bit key, but all of them also had a stronger one.  It's
> clear that the socially-connected DD already moved to a stronger
> key, and that the problem would then be the others.
> A few people have already suggested to set a timeline.
> You also published this policy in 2010:
> https://lists.debian.org/debian-devel-announce/2010/09/msg00003.html

Right, and we have kept that policy: We no longer accept 1024D
keys. However, we didn't anticipate the uptake of stronger keys to be
so slow.

Reply to: