Re: State of the debian keyring

On Sat, Feb 22, 2014 at 7:35 PM, Gunnar Wolf <gwolf@gwolf.org> wrote:
>> That's still 61.5% that's at 1024 bit. CAs are doing better than
>> this, with only 0.8% of the certificates that are still active
>> being 1024 bit.
>> Can I suggest that everyone that is still using a 1024 bit pgp key
>> generates a new key *now*?
>> The recommended minimum size is at least 2048 bit, but I suggest
>> you go for 4096 bit.
> ...And now that you mention this here on the list, we have been
> discussing how to deal with this for keyring-maint¹.
> It would clearly be unacceptable for us to decide to lock out 61.5% of
> Debian because of their old key. Also, removing those keys would most
> probably make our WoT much more fragile.
> I'd like to ask the project as a whole for input on how we should push
> towards this migration. I guess that most of the socially-connected
> Debian Developers already have 4096R keys. How can we reach those who
> don't? How can we incentivize them to change?

Has there been any analysis of how active the developers are? I'd
hazard to guess that a good number should be moved to emeritus status.
Perhaps we should do a ping of developers with 1024 bit keys?

-- Andrew Starr-Bochicchio

   Ubuntu Developer <https://launchpad.net/~andrewsomething>
   Debian Developer <http://qa.debian.org/developer.php?login=asb>
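One way to get the kind of keyring audit this thread asks for (an added example, not code from the thread or from keyring-maint): it parses the machine-readable listing produced by `gpg --list-keys --with-colons`, counts primary keys by size, and lists the ones below the 2048-bit minimum quoted above. The record layout is gpg's documented colon format; the sample keyring data below is constructed and does not describe real Debian keys.

```python
"""Audit a gpg colon-format key listing for primary keys shorter than 2048 bits."""
from collections import Counter

# Public-key algorithm ids from RFC 4880 section 9.1 (enough for this audit).
ALGO_NAMES = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
MIN_BITS = 2048  # minimum recommended in the thread

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Field layout per record: type:validity:bits:algo:keyid:created:expires:...
SAMPLE = """\
tru::1:1393000000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:2004-03-01::-:::scESC:
uid:u::::2004-03-01::AAAA::Alice Example <alice@example.org>:
sub:u:2048:16:FEDCBA9876543210:2004-03-01::::::e:
pub:u:4096:1:1111222233334444:2012-07-15::-:::scESC:
uid:u::::2012-07-15::BBBB::Bob Example <bob@example.org>:
pub:u:1024:1:5555666677778888:2006-11-30::-:::scESC:
uid:u::::2006-11-30::CCCC::Carol Example <carol@example.org>:
pub:u:2048:1:9999AAAABBBBCCCC:2010-01-20::-:::scESC:
uid:u::::2010-01-20::DDDD::Dave Example <dave@example.org>:
"""

def parse_primary_keys(colon_output):
    """Return one dict per 'pub' record; 'sub', 'tru' and other records are skipped.
    The first 'uid' after a 'pub' is attached as that key's user id (field 10)."""
    keys = []
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"keyid": f[4], "bits": int(f[2]),
                         "algo": ALGO_NAMES.get(int(f[3]), "algo" + f[3]),
                         "uid": ""})
        elif f[0] == "uid" and keys and not keys[-1]["uid"]:
            keys[-1]["uid"] = f[9]  # gpg escapes ':' inside uids as \x3a
    return keys

def weak_keys(keys, min_bits=MIN_BITS):
    """Primary keys shorter than min_bits, i.e. the ones that should be replaced."""
    return [k for k in keys if k["bits"] < min_bits]

def size_histogram(keys):
    """Fraction of primary keys at each bit length (the thread's 61.5% style figure)."""
    counts = Counter(k["bits"] for k in keys)
    return {bits: n / len(keys) for bits, n in counts.items()}

if __name__ == "__main__":
    keys = parse_primary_keys(SAMPLE)
    for bits, frac in sorted(size_histogram(keys).items()):
        print(f"{bits:5d} bit: {frac:6.1%}")
    for k in weak_keys(keys):
        print(f"migrate: {k['keyid']} ({k['bits']}-bit {k['algo']}) {k['uid']}")
```

Against a real keyring, feed it `gpg --no-default-keyring --keyring <file> --list-keys --with-colons` output instead of `SAMPLE`.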

