Re: Reminder: Removing 2048 bit keys from the Debian keyrings
Il giorno sab, 08/11/2014 alle 21.15 +0100, Marco d'Itri ha scritto: On Nov 08, Jonathan McDowell nood...@earth.li wrote: Back in August I sent notification[0] about the fact that we will be removing all keys less than 2048 from our keyrings at the end of the year (31st December 2014). Sadly the response to this has been slower than expected, and we still have about 439 keys that require replacement. Vedo parecchi italiani nella lista, io sono sempre disponibile per firmare chiavi a Milano. Ciao a tutti, io sono nella lista e ho bisogno ancora di 1 firma sulla nuova chiave. Se qualcuno passa nei dintorni di Bologna si faccia sentire. Saluti -- Andrea Capriotti capri...@debian.org -- Per REVOCARE l'iscrizione alla lista, inviare un email a debian-devel-italian-requ...@lists.debian.org con oggetto unsubscribe. Per problemi inviare un email in INGLESE a listmas...@lists.debian.org To UNSUBSCRIBE, email to debian-devel-italian-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1415617725.2943.6.ca...@debian.org
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
Ciao! On 2014-11-10 at 12:18 (CET), Andrea Capriotti wrote: Ciao a tutti, io sono nella lista e ho bisogno ancora di 1 firma sulla nuova chiave. Se qualcuno passa nei dintorni di Bologna si faccia sentire. Se vieni allo Ubuntu-it Meeting del 22 Novembre al Ramada Encore[1], ci trovi in tanti per una firmetta... reciproca ;-) A presto. [1] http://loco.ubuntu.com/events/ubuntu-it/2887-ubuntu-it-meeting/ -- Matteo F. Vescovi || Debian Developer GnuPG KeyID: 4096R/0x8062398983B2CF7A signature.asc Description: Digital signature
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Nov 10, 2014 12:28 PM, Matteo F. Vescovi m...@debian.org wrote: Se vieni allo Ubuntu-it Meeting del 22 Novembre al Ramada Encore[1], ci trovi in tanti per una firmetta... reciproca ;-) Che c'è scritto Ubuntu ma manca poco che ci siano più (prospective) DD che altro ;p
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On 8 November 2014 17:05, Thijs Kinkhorst th...@debian.org wrote: On Sat, November 8, 2014 17:09, Jonathan McDowell wrote: We had hoped to be down to a small number of special cases to deal with by this point, but with the numbers still looking this bad we're not yet at a stage where we can work out appropriate next steps for those special cases. In the list you post, I see lots of names of people I know to be inactive for years now. Removing all those keys from the ring would therefore maybe not be such a disaster, because the majority is no longer regularly contributing to Debian. To make this a bit more concrete, I've matched the uids against echelon, and this is the outcome: 160 2014 Can the keys last used in 2013 or earlier (and not yet special cased / migrating) be moved to non-uploading keyring? This should not have any impact - no recent uploading usage, yet can vote still be a DD, etc. 42 2013 54 2012 31 2011 24 2010 31 2009 21 2008 17 2007 7 2006 5 2005 2 2004 1 2003 1 2002 So 160 keys were used this year, which is cause for concern if they are removed. However, it means 236 keys have not seen use in 2014 yet. And of those 160 keys have been used most recently in 2011; of those we can be rather certain that removing their key from the ring actually confirms the status quo rather than disrupt it. It therefore makes sense not to focus on the number of 436, but on the ones that have actually been used in 2014; get that first number of 160 closer to 0. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/edbe948c76a3d7abd9d0f5d126b237f9.squir...@aphrodite.kinkhorst.nl -- Regards, Dimitri. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CANBHLUg0dgsiAzQ3JkJKq3=_hie1y_dzhpek5zkmza12rqu...@mail.gmail.com
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Sat, Nov 08, 2014 at 09:59:08PM +0100, Richard Hartmann wrote:
Can you put this list, and a count, in a place I can wget from?
You've trimmed all context so I'm not entirely clear if you're looking
for the key list or something else. If it's the key list you should be
able to calculate it yourself from the keyrings:
rsync -az keyring.debian.org::keyrings/keyrings/ .
gpg --no-default-keyring --list-keys --with-colons \
--keyring ./debian-keyring.gpg \
--keyring ./debian-maintainers.gpg | \
awk -F ':' '/^pub:.:1024:/ { print $5 $10 }'
This will give slightly more people than my list as I effectively did
the above on our working tree, which is not public, while the rsync will
provide the currently active keyring. At present the above lists 468
contributors, while the active tree has 429 with weak keys.
J.
--
] http://www.earth.li/~noodles/ []I'm a consultant because I'd [
] PGP/GPG Key @ the.earth.li [] rather be self-unemployed. [
] via keyserver, web or email. [] [
] RSA: 4096/2DA8B985[] [
signature.asc
Description: Digital signature
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Nov 08, Jonathan McDowell nood...@earth.li wrote: Back in August I sent notification[0] about the fact that we will be removing all keys less than 2048 from our keyrings at the end of the year (31st December 2014). Sadly the response to this has been slower than expected, and we still have about 439 keys that require replacement. Vedo parecchi italiani nella lista, io sono sempre disponibile per firmare chiavi a Milano. -- ciao, Marco signature.asc Description: Digital signature
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Sat, November 8, 2014 17:09, Jonathan McDowell wrote: We had hoped to be down to a small number of special cases to deal with by this point, but with the numbers still looking this bad we're not yet at a stage where we can work out appropriate next steps for those special cases. In the list you post, I see lots of names of people I know to be inactive for years now. Removing all those keys from the ring would therefore maybe not be such a disaster, because the majority is no longer regularly contributing to Debian. To make this a bit more concrete, I've matched the uids against echelon, and this is the outcome: 160 2014 42 2013 54 2012 31 2011 24 2010 31 2009 21 2008 17 2007 7 2006 5 2005 2 2004 1 2003 1 2002 So 160 keys were used this year, which is cause for concern if they are removed. However, it means 236 keys have not seen use in 2014 yet. And of those 160 keys have been used most recently in 2011; of those we can be rather certain that removing their key from the ring actually confirms the status quo rather than disrupt it. It therefore makes sense not to focus on the number of 436, but on the ones that have actually been used in 2014; get that first number of 160 closer to 0. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/edbe948c76a3d7abd9d0f5d126b237f9.squir...@aphrodite.kinkhorst.nl
Re: Reminder: Removing 2048 bit keys from the Debian keyrings
Can you put this list, and a count, in a place I can wget from? Richard -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAD77+gSx377A0rG6ZYhszEfm27u0q5KW7bDtG9gi9aG43=z...@mail.gmail.com
