On Fri, Oct 5, 2012 at 5:10 PM, Ben Reser <b...@reser.org> wrote: > Given that we're coming up on a couple of opportunities for various > developers to get together an potentially sign keys I thought I'd > bring this subject up. > > 1) SHA-1 based keys should be migrated off of. The US Government's > requirement of agencies was to stop using SHA-1 by the end of 2010. > We're nearly 2 years past that date and there are actually several > people still signing releases with such keys. In particular if you're > still using a 1024 DSA key that means you. You can check by looking > at your looking at how GPG represents your key, if it says 1024D then > you need to replace that key. Details on a sane way of migrating keys > can details about the situation can be found on this blog: > http://www.debian-administration.org/users/dkg/weblog/48 > > If you have any questions about this I'll do my best to answer them. > > 2) There is going to be 2 opportunities in the coming months when > several of us are together that it may be useful to carry out a key > signing party. > > a) Greenwich, Connecticut USA October 13th - 15th at the > mini-hackathon before SVN Live. > b) Sinsheim, Germany November 5th - 8th at ApacheCon EU 2012. > > I plan on organizing key signing at both events if there is sufficient > people interested and there will be keys that need signing. Given the > issue the SHA-1 issue described above and the key signing party > options. Now might be a excellent time to generate a new key, > especially if you're planning on attending one of those events. > > If you're interested in participating in something like that at one of > those locations, please reply and indicate which location(s) you'll be > available to attend and the dates you'll be available (since some > people may not be available the whole time). Based on this > information I'll try to coordinate something that hits the maximum > number of people and generates the biggest web of trust. > > This is not just an opportunity for developers to sign each others > keys but also an opportunity for some of our users to sign our keys > and potentially enhance their trust of our signatures. So feel free > to pass this information along to anyone that's interested. > > I'd like to plan the details for the Greenwich, Connecticut > opportunity no later than Tuesday October 8th, so please reply ASAP if > you're interested in that. I'll post more details once I've figured > them out.
I neglected to do this in Greenwich. Everyone that's said anything about doing this is also here in London plus quite a few other people. So I'll try to put something together during the first session today which is about Hook Scripts and I doubt is very interesting to any of us.
