Re: State of the debian keyring

To: debian-project@lists.debian.org
Subject: Re: State of the debian keyring
From: Russ Allbery <rra@debian.org>
Date: Tue, 25 Feb 2014 10:51:56 -0800
Message-id: <87ios3auur.fsf@windlord.stanford.edu>
In-reply-to: <20140225184724.GI40853@gwolf.org> (Gunnar Wolf's message of "Tue, 25 Feb 2014 12:47:24 -0600")
References: <20140123220729.GA25523@scru.org> <20140222224148.GA2130@scru.org> <20140222234641.GA31478@roeckx.be> <20140223003506.GE30391@gwolf.org> <lec9ll$hlh$1@posted-at.bofh.it> <20140223081228.GA1049@master.debian.org> <20140223092346.GA3116@smurf.noris.de> <20140223150449.GD32426@gwolf.org> <21259.34853.289374.378737@chiark.greenend.org.uk> <20140225184724.GI40853@gwolf.org>

Gunnar Wolf <gwolf@gwolf.org> writes:
> Ian Jackson dijo [Mon, Feb 24, 2014 at 05:57:57PM +0000]:

>> I think this is a bug.
>> 
>> It can increase security because it can make operations more
>> convenient at the same level of security, and because people trade off
>> convenience for security.
>> 
>> For example, it would be possible to have one key for email encryption
>> and a different (more secure) key for package uploads.

> Debian tools don't care which key you use for email encryption.

Except for project DPL votes, no?

> The extent of actions you interact with debian is easily modeled with a
> single key; for some time I used to upload with 1024D and sign mails
> with 4096R because I had not yet pushed my 4096R into the keyring,
> waiting to get more signatures (yes, also being keyring-maint it took me
> some time to push it, even if I had all power to do so myself!)

For email signatures, don't quite a few more things care?  All votes,
db.debian.org operations, etc.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Jonathan McDowell <noodles@earth.li>

References:
- Re: State of the debian keyring
  - From: Clint Adams <clint@debian.org>
- Re: State of the debian keyring
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: State of the debian keyring
  - From: Marco d'Itri <md@Linux.IT>
- Re: State of the debian keyring
  - From: Bart Martens <bartm@debian.org>
- Re: State of the debian keyring
  - From: Matthias Urlichs <smurf@smurf.noris.de>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>
- Re: State of the debian keyring
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: State of the debian keyring
  - From: Gunnar Wolf <gwolf@gwolf.org>

Prev by Date: Re: State of the debian keyring
Next by Date: Re: GR proposal: code of conduct
Previous by thread: Re: State of the debian keyring
Next by thread: Re: State of the debian keyring
Index(es):
- Date
- Thread