Re: State of the debian keyring
Kurt Roeckx dijo [Sun, Feb 23, 2014 at 01:51:32AM +0100]:
> > I'd like to ask the project as a whole for input on how we should push
> > towards this migration. I guess that most of the socially-connected
> > Debian Developers already have 4096R keys. How can we reach those who
> > don't? How can we incentivate them to change?
> I've looked at the debconf 2013 keysigning list. 13 people in it
> had a 1024 bit key, but all of them also had a stronger one. It's
> clear that the socially-connected DD already moved to a stronger
> key, and that the problem would then be the others.
> A few people have already suggested to set a timeline.
> You also published this policy in 2010:
Right, and we have kept that policy: We no longer accept 1024D
keys. However, we didn't anticipate the uptake of stronger keys to be