On Thu, Apr 2, 2015 at 3:51 AM, Antti Järvinen wrote:

> I'll write about this to debian-devel-announce.

That is only for announcements :)

> But here I need advice as https://wiki.debian.org/DebianMaintainer
> says I'll need a PGP-key with at least 2k key length.
>
> The key I used at https://mentors.debian.net/my was my pgp key that I
> normally use. I don't consider it compromised, it is from year 2000
> and has 1k key len -> do I fulfill the requirement if I add
> additional longer encryption key into my current key and replace the
> key in mentors ; the key in there still has no signatures from any
> party relevant in this debian process..

OpenPGP keys of 1024 bits are considered trivially breakable by
well-funded organisations:

https://help.riseup.net/en/security/message-security/openpgp/best-practices#use-a-strong-primary-key

Please read through the OpenPGP best practices and do a transition to
a 4096-bit key:

https://help.riseup.net/security/message-security/openpgp/best-practices

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

