[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

Jonathan McDowell <noodles@earth.li> (2014-02-23):
> In an attempt to try and reduce problems let me describe some of the
> problems we see (all of this is in the context of someone taking an
> existing key that is not believed to be compromised and replacing it
> with a stronger key):
> [ a few things ]

Reading the requirements you gave, it looks like something that could be
automated through a script, which would generate the output you'd like,
and that would check the old→new key signature, along with the new key's
being signed by two keys in the keyring (be it by looking into the
shipped debian keyring, or since it's a bit outdated, by syncing stuff
from keyring.d.o or wherever the live keyring is accessible from),
prompting for the reason for the replacement, and generating the inline
signed request.

(It took me like 4 years to switch to my current 4k key, partly because
I didn't feel the urge to switch, and partly because I would have hated
wasting your time with a malformed request.)


Attachment: signature.asc
Description: Digital signature

Reply to: