Re: State of the debian keyring
On Sat, Feb 22, 2014 at 7:35 PM, Gunnar Wolf <gwolf@gwolf.org> wrote:
>> That's still 61.5% that's at 1024 bit. CAs are doing better than
>> this, with only 0.8% of the certificates that are still active
>> being 1024 bit.
>>
>> Can I suggest that everyone that is still using a 1024 bit pgp key
>> generates a new key *now*?
>>
>> The recommended minimum size is at least 2048 bit, but I suggest
>> you go for 4096 bit.
>
> ...And now hat you mention this here on the list, we have been
> discussing how to deal with this for keyring-maint¹.
>
> It would clearly be unacceptable for us to decide to lock out 61.5% of
> Debian because of their old key. Also, removing those keys would most
> probably make our WoT much more fragile.
>
> I'd like to ask the project as a whole for input on how we should push
> towards this migration. I guess that most of the socially-connected
> Debian Developers already have 4096R keys. How can we reach those who
> don't? How can we incentivate them to change?
Has there been any analysis of how active the developers are? I'd
hazard to guess that a good number should be moved to emeritus status.
Perhaps we should do a ping of developers with 1024 bit keys?
-- Andrew Starr-Bochicchio
Ubuntu Developer <https://launchpad.net/~andrewsomething>
Debian Developer <http://qa.debian.org/developer.php?login=asb>
PGP/GPG Key ID: D53FDCB1
Reply to: