-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roy T. Fielding wrote:
On Aug 11, 2009, at 8:24 AM, Robert Burrell Donkin wrote:
1024 bit keys and SHA-1 links are currently considered safe so there's
no reason to believe that apache keys have been compromised. transition
statements [1] in a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Henri Yandell wrote:
Need to update http://www.apache.org/dev/release-signing.html to say
4096 asap I suspect :) Stop new people being lured into this problem.
yes but...
key size isn't the direct cause of the problem: SHA-1 is
AIUI the OpenPGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
William A. Rowe, Jr. wrote:
Jukka Zitting wrote:
Hi,
On Tue, Aug 11, 2009 at 4:09 PM, Rich Bowenrbo...@rcbowen.com wrote:
Is it possible to regenerate my gpg key without losing all the signatures on
my existing key?
To bootstrap the new key,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Burrell Donkin wrote:
Henri Yandell wrote:
Need to update http://www.apache.org/dev/release-signing.html to say
4096 asap I suspect :) Stop new people being lured into this problem.
i've committed something (as a stopgap measure)
yes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
with ApacheConUS only three months away, we really need to start
planning how apache can move away from short keys (DSA and RSA 2048)
and weak WOT links (SHA-1)[1]. the consensus on infra was that this is
the best list for this discussion. if it
Is it possible to regenerate my gpg key without losing all the
signatures on my existing key? I presume not, but perhaps there's
something I'm missing. I have a 1024 bit key, and would like to be
like the cook kids, but not lose ten years of signatures.
On Aug 11, 2009, at 08:39, Robert
You cannot retrospectively 'upgrade' your key, AIUI, at least.
So you will sadly lose all your signatures as you will need a new
key. Thankfully I created mine with a 4096 key length so I'm ok, but
I get impression many folks wont be.
Get your key created now, and at Apachecon we will have
On Aug 11, 2009, at 10:13, Tony Stevenson wrote:
You cannot retrospectively 'upgrade' your key, AIUI, at least.
So you will sadly lose all your signatures as you will need a new
key. Thankfully I created mine with a 4096 key length so I'm ok,
but I get impression many folks wont be.
Get
Hi,
On Tue, Aug 11, 2009 at 4:09 PM, Rich Bowenrbo...@rcbowen.com wrote:
Is it possible to regenerate my gpg key without losing all the signatures on
my existing key?
To bootstrap the new key, you could sign it with your old key.
Not sure if that should be enough for others to trust that it
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rich Bowen wrote:
On Aug 11, 2009, at 10:13, Tony Stevenson wrote:
You cannot retrospectively 'upgrade' your key, AIUI, at least.
So you will sadly lose all your signatures as you will need a new
key.
it should be possible to use a script
Jukka Zitting wrote:
Hi,
On Tue, Aug 11, 2009 at 4:09 PM, Rich Bowenrbo...@rcbowen.com wrote:
Is it possible to regenerate my gpg key without losing all the signatures on
my existing key?
To bootstrap the new key, you could sign it with your old key.
Not sure if that should be enough
Need to update http://www.apache.org/dev/release-signing.html to say
4096 asap I suspect :) Stop new people being lured into this problem.
Hen
On Tue, Aug 11, 2009 at 5:39 AM, Robert Burrell
Donkinrdon...@apache.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
with ApacheConUS only
On Aug 11, 2009, at 8:24 AM, Robert Burrell Donkin wrote:
1024 bit keys and SHA-1 links are currently considered safe so there's
no reason to believe that apache keys have been compromised.
transition
statements [1] in a trusted location will probably be good enough to
convince most people to
13 matches
Mail list logo
