Re: State of the debian keyring
Ian Jackson wrote [Mon, Feb 24, 2014 at 05:57:57PM +0000]:
> I think this is a bug.
> It can increase security because it can make operations more
> convenient at the same level of security, and because people trade off
> convenience for security.
> For example, it would be possible to have one key for email encryption
> and a different (more secure) key for package uploads.
Debian tools don't care which key you use for email encryption. The
extent of actions you interact with Debian is easily modeled with a
single key; for some time I used to upload with 1024D and sign mails
with 4096R because I had not yet pushed my 4096R into the keyring,
waiting to get more signatures (yes, also being keyring-maint it took
me some time to push it, even if I had all power to do so myself!).