
Re: State of the debian keyring



On 2014-02-23 17:22, Jonathan McDowell wrote:
> On Sun, Feb 23, 2014 at 12:49:37PM -0300, Henrique de Moraes Holschuh wrote:
>> This is not what is written here:
>> http://keyring.debian.org/replacing_keys.html
>>
>> Please update that page. In particular, it *requires* a third party to
>> request the key swap on your behalf.
>
> Paragraph 2 on that page states:
>
> | If key X is still valid then Alice may sign the request using that key,
> | but must ensure key Y is signed by key X as well as at least 2 other
> | active Debian developers whose keys are in the keyring.
>
> What would you suggest as alternative wording which is clearer?

"2. Alice must sign a message with key X, requesting its replacement with key Y. That statement should contain key fingerprints and Debian login details. Key Y must be signed by key X as well as at least 2 other active Debian developers whose keys are in the keyring.

If key X is no longer trustworthy (for example, revoked because it was lost or compromised) she must get a Debian developer (ideally not Bob) to make the request on her behalf; this developer must also have performed the appropriate checks to enable them to be comfortable signing key Y."

The last sentence still isn't clear to me (or rather, its starting point in the original document is not); should the non-Bob developer also sign the key Y? Is it acceptable for this developer to be the second signatory on the new key, or does a third DD need to be involved?

--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits
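
The signature requirement discussed in this message (key Y signed by key X plus at least 2 other developers whose keys are in the keyring) can be checked mechanically; the following is an added example, not part of the thread or of Debian's keyring tooling. It assumes input in the colon-delimited format of `gpg --with-colons --check-sigs`, covers only the case where key X is still valid, and uses constructed placeholder key IDs and sample records.

```python
# Constructed placeholder key IDs (not real keys).
KEY_X, KEY_Y = "A" * 16, "B" * 16            # old key X, new key Y
DD1, DD2, DD3 = "C" * 16, "D" * 16, "E" * 16  # other developers' keys
KEYRING = {KEY_X, DD1, DD2, DD3}              # assumed active keyring members

# Constructed sample of `gpg --with-colons --check-sigs` records for key Y.
SAMPLE = "\n".join([
    f"pub:u:4096:1:{KEY_Y}:1393100000:::u:::scESC:",
    "uid:u::::1393100000::0000::Alice (constructed) <alice@example.org>:",
    f"sig:!::1:{KEY_Y}:1393100000::::Alice:13x:",  # self-signature
    f"sig:!::1:{KEY_X}:1393110000::::Alice:10x:",  # key X certifies key Y
    f"sig:!::1:{DD1}:1393120000::::Carol:10x:",
    f"sig:!::1:{DD2}:1393130000::::Dave:10x:",
    f"sig:?::1:{DD3}:1393140000::::[User ID not found]:10x:",  # unverifiable
])

def certifiers(colon_output, key_id):
    """Key IDs whose certification on key_id gpg marked good ('!').

    Self-signatures are excluded, and a signer with a good revocation
    record ('rev') is dropped even if an earlier certification exists.
    """
    good, revoked = set(), set()
    for line in colon_output.splitlines():
        f = line.split(":")
        if f[0] not in ("sig", "rev") or len(f) < 11:
            continue
        validity, signer, sigclass = f[1], f[4], f[10]
        if not validity.startswith("!") or signer == key_id:
            continue
        if f[0] == "rev":
            revoked.add(signer)
        elif sigclass[:2] in ("10", "11", "12", "13"):  # certification classes
            good.add(signer)
    return good - revoked

def check_replacement(colon_output, old_key, new_key, keyring):
    """Return a list of unmet requirements; an empty list means the rule holds."""
    signers = certifiers(colon_output, new_key)
    others = (signers & keyring) - {old_key}
    problems = []
    if old_key not in signers:
        problems.append("key Y is not signed by key X")
    if len(others) < 2:
        problems.append(f"only {len(others)} other keyring signature(s), need 2")
    return problems

if __name__ == "__main__":
    print(check_replacement(SAMPLE, KEY_X, KEY_Y, KEYRING) or "requirements met")
```

The cryptographic verification itself is left to gpg; the script only counts signatures that gpg already reported as good.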

