Re: State of the debian keyring
Kurt Roeckx dijo [Sun, Feb 23, 2014 at 01:51:32AM +0100]:
> > I'd like to ask the project as a whole for input on how we should push
> > towards this migration. I guess that most of the socially-connected
> > Debian Developers already have 4096R keys. How can we reach those who
> > don't? How can we incentivate them to change?
>
> I've looked at the debconf 2013 keysigning list. 13 people in it
> had a 1024 bit key, but all of them also had a stronger one. It's
> clear that the socially-connected DD already moved to a stronger
> key, and that the problem would then be the others.
>
> A few people have already suggested to set a timeline.
>
> You also published this policy in 2010:
> https://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
Right, and we have kept that policy: We no longer accept 1024D
keys. However, we didn't anticipate the uptake of stronger keys to be
so slow.
Reply to: