Is it possible to regenerate my gpg key without losing all the
signatures on my existing key? I presume not, but perhaps there's
something I'm missing. I have a 1024 bit key, and would like to be
like the cook kids, but not lose ten years of signatures.
On Aug 11, 2009, at 08:39, Robert Burrell Donkin wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
with ApacheConUS only three months away, we really need to start
planning how apache can move away from short keys (DSA and RSA < 2048)
and weak WOT links (SHA-1)[1]. the consensus on infra was that this is
the best list for this discussion. if it happens to get too busy
then a
new list can be created.
the first step needs to be updating the documents so that new release
managers know how to set up and use GnuPG[2] to generate keys unlikely
to need changing in the next couple of years. i'll start a thread over
on site dev to cover this.
the first question for discussion is recommended key length. 2048 is
the
minimum safe size for new keys but only just. for keys used to sign
releases, 4096 is more credible today. 8192 bit keys are possible with
GnuPG[3] but are fiddly and - in older tools - support may be patchy.
going for 4096 would mean a second transition before 2015 but the next
generation (SHA-3 and next generation of OpenPGP) should be
available by
then.
consensus on infra was to go for 4096 but if anyone knows any good
reasons to go for some other value, please jump in.
- - robert
[1]
http://www.jroller.com/robertburrelldonkin/entry/release_distribution_renewing_the_web
[2] http://www.gnupg.org
[3] http://www.jroller.com/robertburrelldonkin/entry/gnupg_8192bit_rsa_keys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBAgAGBQJKgWaEAAoJEHl6NpRAqILLzzQP/RI/ZpkauHrLMzW48lNRsmUc
h9a4HJ1WXL6eESSbJK9rawPxrAvG/p3rbH3TTixIkwLPz8BQDuG8kxmTHn8LDlGg
/YLZbDtgFpF3SElGn1MbzldI48DTgw/JXa4opVHi/gvSAoA72+P7td5D12YiA+6R
Urr6I8hcDOdHRfDsXPHbu5MLh4S//vVgrdOXahLqwzwJK0GCdsjJ88RGJgPXrWfH
abfzKY3jGUheLtIJUbQiMI2IKA5VrCK+WMXoWxnqnnxL6JDQUGXfpai5dxoRy22D
wcv6UN+FIUF8OCBymYRXMcngwczYDkYkUyrVEjOSlnmtC4rHKq/wZGtn3VJGSCEf
hLoSC+aZ+HLHxK5pA0ZxRs4IFhMtTijV5ng6VA1aOPW0N1ySIUd7fgAO7QpksCcL
84LZMAzstH48Ce2Zzrj8oJ5NLYIR531Mh0C7N/JRkUdPLTXDByvXBTJ9uRXoRw6v
a1IexoewUxXfAcR2Yi0lVtkL9ZBVWMm/caXpSqLHKxFvQND71dWg+7UsfJR057c3
CP5bwJIp4dANLOeYa6kj07b+Xu2ZutKBAdZWSH/u3lx1Grh3apq1gbGmdoyKyLyj
d4px2wyB6oWS5C3ZEdAG8oy9QC1LERgnqTt7kMGMNl5j8E1AAMsPTw7laULss1S1
itF2Nys9bJZA1dfQTx7B
=w79Q
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscr...@apache.org
For additional commands, e-mail: community-h...@apache.org
--
If you miss this moment
You miss your life
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscr...@apache.org
For additional commands, e-mail: community-h...@apache.org
