Re: Reminder: Removing < 2048 bit keys from the Debian keyrings

Gunnar Wolf <gwolf@gwolf.org> writes:

> Brian Nelson dijo [Wed, Nov 12, 2014 at 05:09:02PM -0500]:
>> >> Wouldn't it make more sense to ask these people privately what is getting in
>> >> the way of a switch to a stronger key?
>> >
>> > They have been asked. Repeatedly.
>> I haven't been asked.  I've received a few reminders that I need a new
>> key with signatures, but I haven't been asked why I haven't submitted a
>> new key yet.
> Right. Precise definitions. You are right — Although we have been
> slowly but steadily insisting (at least since 2010, when we announced
> at DebConf10 we had removed the last 17 remaining PGPv3 keys) that
> 1024D keys were no longer considered long-term trusty and urged
> everybody to start updating to a >=2K key.
> But, as you are asking, you got me curious :) Why haven't you started
> migrating to a new key?

Well I have a new key but it doesn't have any signatures on it other
than my own, and I haven't encountered another developer in years to
have it signed.  I've been listed on
https://wiki.debian.org/Keysigning/Offers for years (two locations in
two different U.S. states, even) but have never been contacted for a

I'm not overly far from other developers--Boston is about a 2 hour drive
away--but with general busyness from having a family, I haven't found a
chance to try to meet people in Boston.  The boston-debian-soc mailing
list being down for years doesn't help, either.

It's not a very interesting story.  It's more about being inconvenient
than insurmountable.  I've just been hoping some opportunity would
present itself for an easy keysigning, but that hasn't happened yet.

Captain Logic is not steering this tugboat.
