Re: State of the debian keyring
Jonathan McDowell writes ("Re: State of the debian keyring"):
> On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote:
> * The new key must be signed by the old key that is being replaced.
>
> * The new key must be signed by 2 other keys that are present in the
> Debian keyring.
Are we now at the stage where it is more important to retire these
shortish keys than to insist on these cross-signatures?
I.e., perhaps it would be better to invite key rollover from a short
key to a long one despite the lack of 2 other DD signatures; or
perhaps even despite the lack of _any_ other DD signatures.
Instead, the keyholder could perhaps present a signed key transition
document.
A downside is that we would probably have to keep the rolled-over
short keys somewhere, at least to maintain the integrity of our
records of why a key is in the keyring.
Ian.