Re: State of the debian keyring

On Sun, Feb 23, 2014 at 05:46:53PM +0300, Cyril Brulebois wrote:

> (It took me like 4 years to switch to my current 4k key, partly because
> I didn't feel the urge to switch, and partly because I would have hated
> wasting your time with a malformed request.)

It also took me a long while to switch because I didn't understand that
it was already this urgent, so my mode of operation was "let's collect
sigs for the time being, and switch when I hear another call".

I think it would be useful to see an update to debian-devel-announce,
explaining what the current vulnerability status of 1024-bit keys is, and
asking to please switch NOW.

As a potential follow-up plan, I propose this one:

After a month or two, we can start mailing people directly, starting
from the most active, asking why they haven't migrated yet, and asking
them to please tell others to migrate if they see a 1024 key around.

After another month or two, we can start taking keys off the keyring,
starting from the less active people, and announcing each batch of
removed keys to d-d-a.



GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
