Re: State of the debian keyring
>It also took me a long while to switch because I didn't understand that
>it was already this urgent,
Because unless you are paranoid, then it is not.
If anybody disagrees then please describe a credible threat model in
- an entity would want to have access to the key of a DD, and
- would find brute forcing a 1024 bit key more practical than
stealing it or coercing a developer to disclose it.
For bonus points compare this scenario with the development of Stuxnet.
>I think it would be useful to see an update to debian-devel-announce,
>explaining what's the current vulnerability status of 1024bit keys, and
It would be useful if it were backed by a real analisys instead of "OMG
the NSA could factor our keys!!!11!".