Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Enrico Zini <enrico <at> enricozini.org>
Subject: Re: State of the debian keyring
Newsgroups: gmane.linux.debian.devel.project
Date: Monday 24th February 2014 19:28:53 UTC (over 3 years ago)
On Sun, Feb 23, 2014 at 05:46:53PM +0300, Cyril Brulebois wrote:

> (It took me like 4 years to switch to my current 4k key, partly because
> I didn't feel the urge to switch, and partly because I would have hated
> wasting your time with a malformed request.)

It also took me a long while to switch because I didn't understand that
it was already this urgent, so my mode of operation was "let's collect
sigs for the time being, and switch when I hear another call".

I think it would be useful to see an update to debian-devel-announce,
explaining what's the current vulnerability status of 1024bit keys, and
asking to please switch NOW.

As a potential follow-up plan, I propose this one:

After a month or two, we can start mailing people directly, starting
from the most active, asking why they haven't migrated yet, and asking
them to please tell others to migrate if they see a 1024 key around.

After another month or two, we can start taking keys off the keyring,
starting from the less active people, and announcing each batch of
removed keys to d-d-a.


Ciao,

Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini 
 
CD: 3ms