[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

>> Please update that page.  In particular, it *requires* a third party to
>> request the key swap on your behalf.

This was also my understanding when I read through this page. It was only 
just recently that I realised that the exceptional case was first and that 
the first statement of instruction 2 did not apply:

  "2. Alice must get a Debian developer (ideally not Bob) to sign a message
      requesting the replacement of key X with key Y on behalf of Alice."

I know I got to the point of doing step 2 ages ago and, having read that 
requirement, put the rest of the process in the too hard basket. (jmw's 
suggested reordering of this paragraph helps a lot here)

Can I also make a concrete suggestion that the document include a couple of 
commands to be run to help people know what information to include? We 
already know that DDs aren't as good with gpg as everyone would like them to 
be, so including the precise command will help a lot here and save them 
fighting through gpg documentation again (which is just another barrier to 
people actually doing this):

  `gpg --list-sigs 0xNewKeyId` in step 1

  `gpg --fingerprint 0xOldKeyId` `gpg --fingerprint 0xNewKeyId` as a step 0

(and perhaps move the paragraphs that are after the steps into numbered 

The suggestion of automating generating the output with a short script would 
work too, although it only wants to be a few lines long so that anyone can 
look at it and trivially understand what it is going to do.

(who has finally mailed RT for the key rollover and will soon find out if he 
has actually understood the process properly)

Stuart Prescott    http://www.nanonanonano.net/   stuart@nanonanonano.net
Debian Developer   http://www.debian.org/         stuart@debian.org
GPG fingerprint    BE65 FD1E F4EA 08F3 23D4 3C6D 9FE8 B8CD 71C5 D1A8

Reply to: