
Re: State of the debian keyring



Jonathan McDowell writes ("Re: State of the debian keyring"):
> On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote:
>  * The new key must be signed by the old key that is being replaced.
> 
>  * The new key must be signed by 2 other keys that are present in the
>    Debian keyring.

Are we now at the stage where it is more important to retire these
shortish keys than to insist on these cross-signatures?

I.e., perhaps it would be better to invite key rollover from a short
key to a long one despite the lack of 2 other DD signatures; or
perhaps even despite the lack of _any_ other DD signatures.

Instead, the keyholder could perhaps present a signed key transition
document.

A downside is that we would probably have to keep the rolled-over
short keys somewhere, at least to maintain the integrity of our
records of why a key is in the keyring.

Ian.

