[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reminder: Removing < 2048 bit keys from the Debian keyrings

Gunnar Wolf <gwolf@gwolf.org> writes:

> Brian Nelson dijo [Thu, Nov 13, 2014 at 02:27:59PM -0500]:
>> Well I have a new key but it doesn't have any signatures on it other
>> than my own, and I haven't encountered another developer in years to
>> have it signed.  I've been listed on
>> https://wiki.debian.org/Keysigning/Offers for years (two locations in
>> two different U.S. states, even) but have never been contacted for a
>> keysigning.
>> 
>> I'm not overly far from other developers--Boston is about a 2 hour drive
>> away--but with general busyness from having a family, I haven't found a
>> chance to try to meet people in Boston.  The boston-debian-soc mailing
>> list being down for years doesn't help, either.
>> 
>> It's not a very interesting story.  It's more about being inconvenient
>> than insurmountable.  I've just been hoping some opportunity would
>> present itself for an easy keysigning, but that hasn't happen yet.
>
> Right :) I didn't want to out you as "a guy who has a minor problem
> getting his key signed". But you asked us to ask you why.
>
> And it boils down to being motivated to do it. I hope this thread
> motivates you. In the worst case, I hope most people whose keys are
> retired from the active keyring next January will be motivated by the
> need (or desire?) to do Debian work without requiring a sponsor. But
> each person has their own story.

I'd like to retain an active key in Debian.  However, I already have a
well-connected key from when I was younger and my time was freely
available and travel was easy.  Those are no longer true, but I'm
supposed to start over from scratch anyway and spend a better part of a
day traveling to Boston to meet developers I've most likely never
interacted with before.  I'll show them some identification to prove I'm
a Brian Michael Nelson which, since the other Brian Michael Nelson in
the project retired, means I'm probably the one still active.  I'll be
able to submit a stronger key, but what exactly has been gained?  It
feels like a waste of time and effort, so that's where my motivation is
lacking.

I've met and exchanged key signings with a good portion of the active
developers (including you) with my old key, and it just seems like it
would be a whole lot more meaningful and a more productive use of time
to make use of that instead of yet another silly government ID exchange
dance.

-- 
Captain Logic is not steering this tugboat.
Reply to: