debian.net- Integrated marketing help

2013-10-04 Thread Chinu
debian.net Team,

I thought you might like to know some reasons why you are not getting
enough Social Media and Organic search engine traffic for debian.net.

1. Your website debian.net is not ranking top in Google organic searches
   for many competitive keyword phrases.

2. Your company is not doing well in most of the Social Media Websites.

3. Your site is not user friendly on mobile devices.

There are many additional improvements that could be made to your
website, and if you would like to learn about them, and are curious to
know what our working together would involve, then I would be glad to
provide you with a detailed analysis in the form of a WEBSITE AUDIT
REPORT for FREE.

Our clients consistently tell us that their customers find them because
they are at the top of the Google search rankings. Being at the top left
of Google (#1- #3 organic positions) is the best thing you can do for
your company's website traffic and online reputation. You will be happy
to know that, my team is willing to guarantee you 1st page Google
ranking for most of your targeted keyword phrases in our six month
ongoing campaign.

Sound interesting? Feel free to email us or alternatively you can
provide me with your phone number and the best time to call you.

Best Regards,
Chinu Pal

Moving to stronger keys than 1024D

2013-10-04 Thread Aníbal Monsalve Salazar
It has been considered irresponsible to use 1024D keys at this point in
time.

What are the plans to disable 1024D keys?

If you think SHA1 is still safe, have a look at the SHA1 decrypter tool
at: http://www.md5decrypter.co.uk/sha1-decrypt.aspx


signature.asc
Description: Digital signature


Re: Moving to stronger keys than 1024D

2013-10-04 Thread Paul Wise
On Sat, Oct 5, 2013 at 7:02 AM, Aníbal Monsalve Salazar wrote:

> It has been considered irresponsible to use 1024D keys at this point in
> time.

> What are the plans to disable 1024D keys?

There are more people using 1024-bit keys than >= 2048-bit keys (in
debian-keyring.gpg), many of these are active developers, some not so
active. It would be a major human resources issue for Debian to
disable all of those keys but I guess it is the only way to get people
to migrate to stronger keys.

654 pub   1024D
  1 pub   1024R
 27 pub   2048R
  2 pub   3072R
306 pub   4096R
  2 pub   8192R
  1 pub   10240R

> If you think SHA1 is still safe

I note that OpenPGP V4 fingerprints are SHA-1 and OpenPGP V5 doesn't exist yet.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
http://bonedaddy.net/pabs3/


--
To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKTje6FnLta3RNqBLxPE0hG6b2Y=sd2wg1sm_cntp8ozj5c...@mail.gmail.com



Re: Moving to stronger keys than 1024D

2013-10-04 Thread Russ Allbery
Paul Wise p...@debian.org writes:

> There are more people using 1024-bit keys than >= 2048-bit keys (in
> debian-keyring.gpg), many of these are active developers, some not so
> active. It would be a major human resources issue for Debian to disable
> all of those keys but I guess it is the only way to get people to
> migrate to stronger keys.

> 654 pub   1024D
>   1 pub   1024R
>  27 pub   2048R
>   2 pub   3072R
> 306 pub   4096R
>   2 pub   8192R
>   1 pub   10240R

I suspect that some of the problem is people feeling like they need to go
through an in-person key signing to get their new key certified, which can
be quite awkward depending on where one lives and how much day-to-day
contact one has with other DDs.  Perhaps we should make more public the
idea that a key transition document signed with both keys and posted
publicly is probably sufficient to warrant signing the new key if one has
signed the old key?  (Assuming that's actually true.)

-- 
Russ Allbery (r...@debian.org)   http://www.eyrie.org/~eagle/





Re: Moving to stronger keys than 1024D

2013-10-04 Thread Gunnar Wolf
Russ Allbery said [Fri, Oct 04, 2013 at 08:57:26PM -0700]:
> I suspect that some of the problem is people feeling like they need to go
> through an in-person key signing to get their new key certified, which can
> be quite awkward depending on where one lives and how much day-to-day
> contact one has with other DDs.  Perhaps we should make more public the
> idea that a key transition document signed with both keys and posted
> publicly is probably sufficient to warrant signing the new key if one has
> signed the old key?  (Assuming that's actually true.)

Right. We were discussing this between Ansgar Burchardt, Jonathan
McDowell and myself (prompted by Ansgar, as he noticed the same
numbers Paul Wise has just posted, giving a reference that it was
mentioned in #d-security), and we do agree it is a high priority
issue.

In addition to Paul's numbers, we have also the DM keyring, which is
in a much better shape quite probably because it's much newer. 

115 4096R
 54 1024D
 11 2048R
  1 8192R
  1 3072R
  1 1280R

We have not yet pushed this further because both Jonathan and I are
currently under a very high workload (well, I don't want to talk for
Jonathan, but I have come to know his work patterns somewhat ;-) )

We made a big push during ~2009 to get people to migrate away from
(even) weaker PGP keys, and IIRC completed the move by 2010. And we
have invited people to move to 4096R, with some insistence back then,
but we have really slowed down the pressure (real-life issues maybe?)

During a brief interchange of mails, several ideas were floated:

- Give a suitable time window for the key migration and disable old
  keys. Jonathan gave a first suggestion of 6 months.

- Actually reach out to people and make explicit that 1024D is *no
  longer enough*. We guess that some of them never paid too much
  attention to the issue, and those are the most likely to be Debian
  outliers, not people inside the core group who meet year-to-year
  with the community and play the get more signatures game.

- An idea to help said outliers is to use the data in LDAP to tell
  them who lives closest to them so they can get signatures more
  quickly. Of course, this has the disadvantage of relying on our
  (known-bogus and known-incomplete) LDAP geolocation data.

- If we were to retire all 1024D keys today, we would lock out
  approx. two thirds of Debian. That's clearly unacceptable. I don't
  think it's feasible to attempt it until we are closer to the one
  third mark — And I'm still not very comfortable with it. But OTOH,
  it can help us pinpoint those keys that are not regularly used

  - People who have done MIA-tracking, do our tools report when was
    the last activity we saw in connection with a given key? I'd guess
    they do...

- Yes, Ansgar points out that it's still probably easier to steal a
  GPG key than to break it. Not all of us follow the safest computing
  techniques, do we?

- Ansgar says, and it's in line with Russ' suggestion «A compromise
  for people in remote locations would be to allow them requesting key
  replacement with a stronger key that is only signed by
  themselves. The price would be a weaker WoT, but maybe that would be
  okay for a few keys». This one makes me somewhat uneasy: Not
  requiring signatures leads to a very easy (for some definition of
  easy) way to steal a dormant account's persona. I'd really like to
  keep the two signatures needed rule.

  Yes, our WoT has naturally weakened due to bitrot
  (i.e. cross-signatures made with keys which are later retired might
  have created WoT islands), but we do have at least identity
  assurance history. We could accept (although I don't know how
  practical it'd be) a possibility to equate, say, two signatures by
  well-connected people in the Free Software ecosystem to equate one
  DD signature? (yes, sure, but what does well-connected mean‽)

Anyway, some random thoughts. I should really head to bed now.

Thanks to Pabs for kicking me into writing this mail! :)


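
The per-size tallies quoted by Paul Wise and Gunnar Wolf above can be reproduced from any keyring. The following is an added example, not part of the thread or of Debian's keyring tooling: it parses `gpg --with-colons` listings and computes the share of keys under 2048 bits. The sample records are constructed, and the two tables are the figures quoted in the thread.

```python
from collections import Counter

# OpenPGP public-key algorithm IDs -> the letter used in the thread's listings.
ALGO_LETTER = {1: "R", 17: "D"}  # 1 = RSA, 17 = DSA

def tally(colon_listing: str) -> Counter:
    """Count primary keys per '<bits><letter>' label from `gpg --with-colons` output."""
    counts = Counter()
    for line in colon_listing.splitlines():
        fields = line.split(":")
        # Only primary public keys; subkeys ("sub") and user IDs are skipped.
        if fields[0] != "pub" or len(fields) < 4:
            continue
        try:
            bits, algo = int(fields[2]), int(fields[3])
        except ValueError:
            continue  # malformed record
        counts[f"{bits}{ALGO_LETTER.get(algo, '?')}"] += 1
    return counts

def weak_share(counts: Counter, min_bits: int = 2048) -> float:
    """Fraction of keys whose size is below min_bits."""
    total = sum(counts.values())
    weak = sum(n for label, n in counts.items() if int(label[:-1]) < min_bits)
    return weak / total if total else 0.0

# Constructed sample records (key IDs and dates are made up).
SAMPLE = """\
pub:-:1024:17:0000000000000001:1041379200:::-:::scESC:
uid:-::::1041379200::AAAA::Example One <one@example.org>:
sub:-:2048:16:0000000000000002:1041379200::::::e:
pub:-:4096:1:0000000000000003:1262304000:::-:::scESC:
pub:-:1024:17:0000000000000004:1041379200:::-:::scESC:
"""

# Figures quoted in the thread.
DD_KEYRING = Counter({"1024D": 654, "1024R": 1, "2048R": 27, "3072R": 2,
                      "4096R": 306, "8192R": 2, "10240R": 1})
DM_KEYRING = Counter({"4096R": 115, "1024D": 54, "2048R": 11, "8192R": 1,
                      "3072R": 1, "1280R": 1})

if __name__ == "__main__":
    print(tally(SAMPLE))
    print(f"DD keyring below 2048 bits: {weak_share(DD_KEYRING):.1%}")
    print(f"DM keyring below 2048 bits: {weak_share(DM_KEYRING):.1%}")
```

For a real keyring, pass the output of `gpg --no-default-keyring --keyring <path> --list-keys --with-colons` to `tally()`.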