Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file

2013-12-27 Thread Arno Töll
Hi, On 27.12.2013 00:18, Nick Kew wrote: What is Debian's view on the relative importance of key size vs breadth and depth of the WoT surrounding a key? I would tend to find an ancient 1024-bit key with 100 strong-set sigs much more reassuring than a shiny new 4096-bit with just 1 (let alone

Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file

2013-12-27 Thread Daniel Kahn Gillmor
On 12/26/2013 06:18 PM, Nick Kew wrote: You're ahead of us. Individual Apache folks like Jim have taken responsibility and moved to 4096-bit keys, but we haven't as a community had the discussion that might lead to pruning KEYS. My inclination is to say NO to requiring anyone to remove old

Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file

2013-12-27 Thread Frederick Miller
Please remove me from this email list. Please unsubscribe me. Thanks. On Fri, Dec 27, 2013 at 10:49 AM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: On 12/26/2013 06:18 PM, Nick Kew wrote: You're ahead of us. Individual Apache folks like Jim have taken responsibility and moved to

Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file

2013-12-26 Thread Daniel Kahn Gillmor
Hi apache folks-- In http://bugs.debian.org/732450, debian is preparing to cryptographically verify OpenPGP signatures on apache upstream tarballs. As part of the discussion, it's become clear that some of the keys in https://www.apache.org/dist/httpd/KEYS are weak by any modern consideration of

Bug#732450: please sign new apache releases only with strong keys -- trimming the KEYS file

2013-12-26 Thread Nick Kew
On 26 Dec 2013, at 21:47, Daniel Kahn Gillmor wrote: As part of the discussion, it's become clear that some of the keys in https://www.apache.org/dist/httpd/KEYS are weak by any modern consideration of public key cryptography. Could this set of keys be pruned? You're ahead of us.