Re: State of the debian keyring

Gunnar Wolf <gwolf@gwolf.org> writes:
> Ian Jackson wrote [Mon, Feb 24, 2014 at 05:57:57PM +0000]:

>> I think this is a bug.
>> It can increase security because it can make operations more
>> convenient at the same level of security, and because people trade off
>> convenience for security.
>> For example, it would be possible to have one key for email encryption
>> and a different (more secure) key for package uploads.

> Debian tools don't care which key you use for email encryption.

Except for project DPL votes, no?

> The extent of actions you interact with Debian is easily modeled with a
> single key; for some time I used to upload with 1024D and sign mails
> with 4096R because I had not yet pushed my 4096R into the keyring,
> waiting to get more signatures (yes, also being keyring-maint it took me
> some time to push it, even if I had all power to do so myself!)

For email signatures, don't quite a few more things care?  All votes,
db.debian.org operations, etc.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

