Re: State of the debian keyring

Ian Jackson said [Mon, Feb 24, 2014 at 05:53:58PM +0000]:
> Are we now at the stage where it is more important to retire these
> shortish keys, than to insist on these cross-signatures?
> I.e., perhaps it would be better to invite key rollover from a short
> key to a long one despite the lack of 2 other DD signatures; or
> perhaps even despite the lack of _any_ other DD signatures.
> Instead, the keyholder could perhaps present a signed key transition
> document.
> A downside is that we would probably have to keep the rolled-over
> short keys somewhere, at least to maintain the integrity of our
> records of why a key is in the keyring.

Which we do anyway - All retired keys are still in our tree, in the
removed-keys-{pgp,gpg} directories (plus the
emeritus-keyring-{gpg,pgp}). Of course, they are not installed when
you get the generated package (you only get the active keyrings). But
they are all there.

