[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of the debian keyring

On Mon, Feb 24, 2014 at 05:53:58PM +0000, Ian Jackson wrote:
> Jonathan McDowell writes ("Re: State of the debian keyring"):
> > On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote:
> >  * The new key must be signed by the old key that is being replaced.
> > 
> >  * The new key must be signed by 2 other keys that are present in the
> >    Debian keyring.
> Are we now at the stage where it is more important to retire these
> shortish keys, than to insist on this cross-signatures ?
> I.e., perhaps it would be better to invite key rollover from a short
> key to a long one despite the lack of 2 other DD signatures; or
> perhaps even despite the lack of _any_ other DD signatures.
> Instead, the keyholder could perhaps present a signed key transition
> document.

I'd rather avoid this if possible, but it's something I'd be prepared to
consider for those who really can't manage to any another signature.
There's also the halfway house of allowing keys which are in the global
strong set, even if they're not signed by other keys within the Debian
strong set. At present I don't think we're yet at the stage we have to
allow this though.

> A downside is that we would probably have to keep the rolled-over
> short keys somewhere, at least to maintain the integrity of our
> records of why a key is in the keyring.

One of the useful things about the fact the keyring is managed in bzr[0]
these days is that the changelog can record why something is the way it


[0] At some point it will probably move to git, it's in bzr for
    historical reasons.

Web [     101 things you can't have too much of : 21 - Uptime.     ]
site: http:// [                                          ]       Made by
www.earth.li/~noodles/  [                      ]         HuggieTag 0.0.24

Reply to: