Re: State of the debian keyring
On Sun, 23 Feb 2014, Jonathan McDowell wrote:
> * Requests need to include the full fingerprint of both the old and the
> new key. Not just the key IDs. Not just the new key. We want to be
> absolutely certain of what you're requesting replaced. I quite like
> seeing the actual "gpg --fingerprint" output for both keys because it
> tends to be quite easy to visually verify.
> * The new key must be signed by the old key that is being replaced.
> * The new key must be signed by 2 other keys that are present in the
> Debian keyring.
> * The request must be signed by the old key. Signing the request with
> the new key alone is not helpful - requests must always be signed by
> a key that is currently in the active keyring. Signing it with both
> is fine, but not required.
> * You should specify *why* you want to replace your key. Knowing that
> it's because you're moving to a stronger key rather than because your
> old key is compromised / unavailable / on fire helps us prioritise
This is not what is written here:
Please update that page. In particular, it *requires* a third party to
request the key swap on your behalf.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot