On Sun, Dec 15, 2013 at 12:17 AM, Paul Wise <p...@debian.org> wrote: > That would probably be fine for most Debian users but at that point I > remembered that the Riseup OpenGPG best practices document has > something to say about keyring refreshes; that keyring refreshes > should happen using parcimonie to make correlation attacks harder.
This thread is probably not the most apropos place to bring this up, but I've found parcimonie to be an terribly over-complex implementation of the (good) design document that they wrote. It requires pulling in dozens of perl modules, including GTK bindings (?). It worries me that it's starting to become the defacto tool for keeping a keyring up-to-date, because security is one of the places where minimalism really matters. -- Darius Jahandarie -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cafanwtv2tmv-rsuidk1wtdp9vghodzenk6po-tm2whtt2ae...@mail.gmail.com
