[ https://jira.codehaus.org/browse/MNGSITE-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Herve Boutemy updated MNGSITE-216:
----------------------------------

    Description: 
As a new Committer, I had to register a public GnuPG key. A few parts of this 
documentation were not maintained, as it seems.
http://maven.apache.org/developers/release/pmc-gpg-keys.html

The DSA algorithm is nowadays considered not secure enough. Therefore RSA 
should be chosen:
{noformat}(1) DSA and Elgamal (default)
Your selection? 1
DSA keypair will have 1024 bits.{noformat}


DSA Key size is nowadays too short even for RSA and should be 4096:
{noformat}What keysize do you want? (2048) 2048
Requested keysize is 2048 bits{noformat}


A password was not entered. Here we have different opinions. From my PoV no 
password might be ok for signature verification. The Committers usually keep 
their keys in the .gpg folder on their private laptops and they do not distribute 
them in CI systems.

{noformat}You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".{noformat}

  was:
As a new Committer, I had to register a public GnuPG key. A few parts of this 
documentation were not maintained, as it seems.
http://maven.apache.org/developers/release/pmc-gpg-keys.html

The DSA algorithm is nowadays considered not secure enough. Therefore RSA 
should be chosen:
(1) DSA and Elgamal (default)
Your selection? 1
DSA keypair will have 1024 bits.


DSA Key size is nowadays too short even for RSA and should be 4096:
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits


A password was not entered. Here we have different opinions. From my PoV no 
password might be ok for signature verification. The Committers usually keep 
their keys in the .gpg folder on their private laptops and they do not distribute 
them in CI systems.

You need a Passphrase to protect your secret key.

You don't want a passphrase - this is probably a *bad* idea!
I will do it anyway.  You can change your passphrase at any time,
using this program with the option "--edit-key".


> Obsolete instructions in 
> http://maven.apache.org/developers/release/pmc-gpg-keys.html
> -------------------------------------------------------------------------------------
>
>                 Key: MNGSITE-216
>                 URL: https://jira.codehaus.org/browse/MNGSITE-216
>             Project: Maven Project Web Site
>          Issue Type: Bug
>         Environment: GnuPG
>            Reporter: Tibor Digana
>            Priority: Critical
>
> As a new Committer, I had to register a public GnuPG key. A few parts of this 
> documentation were not maintained, as it seems.
> http://maven.apache.org/developers/release/pmc-gpg-keys.html
> The DSA algorithm is nowadays considered not secure enough. Therefore RSA 
> should be chosen:
> {noformat}(1) DSA and Elgamal (default)
> Your selection? 1
> DSA keypair will have 1024 bits.{noformat}
> DSA Key size is nowadays too short even for RSA and should be 4096:
> {noformat}What keysize do you want? (2048) 2048
> Requested keysize is 2048 bits{noformat}
> A password was not entered. Here we have different opinions. From my PoV no 
> password might be ok for signature verification. The Committers usually keep 
> their keys in the .gpg folder on their private laptops and they do not distribute 
> them in CI systems.
> {noformat}You need a Passphrase to protect your secret key.
> You don't want a passphrase - this is probably a *bad* idea!
> I will do it anyway.  You can change your passphrase at any time,
> using this program with the option "--edit-key".{noformat}



--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
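
One way to check existing keys against what the issue asks for (RSA, 4096 bits), as an added example that is not part of the original report or of the Maven documentation. The function names, the sample key records and the `MIN_RSA_BITS` threshold variable are assumptions made for illustration; the input is GnuPG's colon-delimited listing format.

```shell
#!/bin/sh
# Audit OpenPGP keys against the policy argued for in the issue:
# RSA keys of at least 4096 bits; DSA keys are rejected.
# Reads `gpg --list-keys --with-colons` output on stdin.
MIN_RSA_BITS=4096   # assumption: threshold taken from the issue text

# Constructed sample records (not real keys): field 3 is the key length,
# field 4 the OpenPGP algorithm id (1 = RSA, 16 = Elgamal, 17 = DSA),
# field 5 the key id.
sample_keys() {
    cat <<'EOF'
pub:u:1024:17:0000000000000001:1262304000:::u:::scESC:
sub:u:2048:16:0000000000000002:1262304000::::::e:
pub:u:2048:1:0000000000000003:1388534400:::u:::scESC:
pub:u:4096:1:0000000000000004:1388534400:::u:::scESC:
uid:u::::1388534400::::Example Committer <committer@example.invalid>:
sub:u:4096:1:0000000000000005:1388534400::::::e:
EOF
}

# Prints one verdict line per primary key or subkey and returns 1
# if any key fails the policy.
audit_keys() {
    awk -F: -v min="$MIN_RSA_BITS" '
        $1 == "pub" || $1 == "sub" {
            bits = $3 + 0
            if ($4 == 1)       verdict = (bits >= min) ? "OK" : "FAIL"
            else if ($4 == 17) verdict = "FAIL"      # DSA
            else               verdict = "REVIEW"    # not covered by the policy
            if (verdict == "FAIL") failed = 1
            printf "%s %s %s algo=%s bits=%d\n", verdict, $1, $5, $4, bits
        }
        END { exit failed + 0 }'
}

# Demo on the constructed sample; on a real keyring use:
#   gpg --list-keys --with-colons | audit_keys
sample_keys | audit_keys || echo "policy violations found"
```

Keys reported as `REVIEW` use an algorithm the issue does not discuss and need a manual decision.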
