Hi,

On 14/09/2012 01:47, Thijs Kinkhorst wrote:
> On Fri, September 14, 2012 03:28, David Prevot wrote:
>>> This is a notice to inform you, that our previous PGP/GPG key expired.
>>
>> Thanks for notifying us on debian-security-announce@l.d.o, but I
>> disagree that such an announcement deserves a DSA number.

> Well, this is of course how we 'always' do it.

There has been an announcement in the past that didn't use a DSA number:

https://lists.debian.org/debian-security-announce/2005/msg00206.html

> I'm not sure I understand:
> why is it a problem to use (even misuse?) a number? They are free and we
> have ample supply.

They seem to be error-prone for the security team, since the number was used twice this time:

https://lists.debian.org/debian-security-announce/2012/msg00189.html
https://lists.debian.org/debian-security-announce/2012/msg00190.html

They also cause confusion for our users (e.g. “why isn't the DSA-2360 documented?”):

http://security-tracker.debian.org/tracker/DSA-2360-1
http://www.debian.org/security/2011/dsa-2360

> I doubt a technicality like a key rollover, which is only relevant for
> people actively conversing with the security team, is useful to post to
> debian-announce.

Totally agreed, sorry for mixing two ideas in the same message (I also wanted to advise coordination with press/publicity for the next important message, like DSA-2360).

Regards

David