On 3 March 2014 18:13, Gunnar Wolf <gw...@gwolf.org> wrote: > > As keyring maintainers, we no longer consider 1024D keys to be > trustable. We are not yet mass-removing them, because we don't want to > hamper the project's work, but we definitively will start being more > aggressively deprecating their use. 1024D keys should be seen as > brute-force vulnerable nowadays. Please do migrate away from them into > stronger keys (4096R recommended) as soon as possible. >
Please could you change https://wiki.debian.org/DebianMaintainer , which currently says a ">= 2048 bit" key is required (I assume this is still correct) but does not specifically recommend 4096? I recently became a DM, and created a 2048 bit key to do so, as that satisfied the advice given on that page, and also happened to be the default length offered by GPG on my system. Only after I'd had it signed and uploaded it did I find advice that new keys should be 4096 bits. (I've already reported this issue in a couple of different places; the page is not user-editable or I'd've fixed it myself!)
