Hi, Brian Gupta: > weak key. We would allow DDs to use the new strong key to do their > work for a limited period of time, while they seek the required two DD > signatures. (Say 12 months, but this is fungible.) I am proposing a > role key, so it doesn't get confused with "real sigs" and we can > easily track who still needs real sigs. > OK, so except for the "use a role key for tracking" part this is exactly what I proposed, or attempted to propose anyway, in my last email. I don't think we'd need a separate role key, that'd require two key transitions per DD and thus more work for the keyring maintainers. A list of strong keys in the keyring as of now should be sufficent. -- -- Matthias Urlichs
Attachment:
signature.asc
Description: Digital signature