Jonathan McDowell <noodles@earth.li> (2014-02-23): > In an attempt to try and reduce problems let me describe some of the > problems we see (all of this is in the context of someone taking an > existing key that is not believed to be compromised and replacing it > with a stronger key): > [ a few things ] Reading the requirements you gave, it looks like something that could be automated through a script, which would generate the output you'd like, and that would check the old→new key signature, along with the new key's being signed by two keys in the keyring (be it by looking into the shipped debian keyring, or since it's a bit outdated, by syncing stuff from keyring.d.o or wherever the live keyring is accessible from), prompting for the reason for the replacement, and generating the inline signed request. (It took me like 4 years to switch to my current 4k key, partly because I didn't feel the urge to switch, and partly because I would have hated wasting your time with a malformed request.) Mraw, KiBi.
Attachment:
signature.asc
Description: Digital signature