Re: Use of DSA number for general announcements
On 09/14/12 00:47, Thijs Kinkhorst wrote:
> Hi David,
>
> On Fri, September 14, 2012 03:28, David Prevot wrote:
>>> This is a notice to inform you, that our previous PGP/GPG key expired.
>>
>> Thanks for notifying us on debian-security-announce@l.d.o, but I
>> disagree that such an announcement deserves a DSA number. DSA-2360 was
>> also a misuse of a DSA number IMHO, and would have deserved a copy on
>> wider audience (e.g. on debian-announce@l.d.o). Please don't hesitate to
>> get in touch with the press or publicity team next time you prepare a
>> big announcement.
>
> Well, this is of course how we 'always' do it. I'm not sure I understand:
> why is it a problem to use (even misuse?) a number? They are free and we
> have ample supply.
>
> I doubt a technicallity like a key rollover, which is only relevant for
> people actively conversing with the security team, is useful to post to
> debian-announce.
>
I think DSA should be used for communicating information to the person
who calls or schedules calls to apt-get and the like.... not for
communicating to ppl who actively converse with the security team, these
are defiantly two different groups on ppl.
Just my 2 cents worth.
>
> Cheers,
> Thijs
>
>
Reply to: