On Mon, Feb 24, 2014 at 05:35:34PM +0100, Lucas Nussbaum wrote:
Hi,
On 22/02/14 at 20:57 -0500, Andrew Starr-Bochicchio wrote:
Has there been any analysis of how active the developers are? I'd
hazard to guess that a good number should be moved to emeritus status.
Perhaps we should do a
On Tue, Feb 25, 2014 at 02:34:01AM +, Marco d'Itri wrote:
enr...@enricozini.org wrote:
It also took me a long while to switch because I didn't understand that
it was already this urgent,
Because unless you are paranoid, then it is not.
If anybody disagrees then please describe a
On Feb 27, Yves-Alexis Perez cor...@debian.org wrote:
Because unless you are paranoid, then it is not.
If anybody disagrees then please describe a credible threat model in
which:
- an entity would want to have access to the key of a DD, and
- would find brute forcing a 1024 bit key more
On 2014-02-27, Yves-Alexis Perez cor...@debian.org wrote:
Well, a quick grep on the result shows that of those 652 uploads done
using 1024b keys, only half of them were made since the beginning of
2013. 327 have been done *before* 2013. I guess those can't really be
I'm unsure when I did my
On Wed, 26 Feb 2014, Wouter Verhelst wrote:
- Wrap your lines at 80 characters or less for ordinary discussion. Lines
longer than 80 characters are acceptable for computer-generated output
(e.g., ls -l).
- Do not send automated out-of-office or vacation messages.
- Do not send test
Enrico Zini writes (Re: State of the debian keyring):
...which reminds me of http://www.enricozini.org/2008/tips/audit-uploads/
which was a prototype of creating an audit log of key usage in debian.
...
This means hooking into any place where a signature verification or a
decryption actually
Jonathan McDowell writes (Re: State of the debian keyring):
On Mon, Feb 24, 2014 at 05:53:58PM +, Ian Jackson wrote:
Are we now at the stage where it is more important to retire these
shortish keys, than to insist on this cross-signatures ?
...
I'd rather avoid this if possible, but it's
On Thu, Feb 27, 2014 at 11:19:23AM +0100, Marco d'Itri wrote:
On Feb 27, Yves-Alexis Perez cor...@debian.org wrote:
Because unless you are paranoid, then it is not.
If anybody disagrees then please describe a credible threat model in
which:
- an entity would want to have access to
On Thu, Feb 27, 2014 at 01:18:58PM +, Ian Jackson wrote:
Jonathan McDowell writes (Re: State of the debian keyring):
On Mon, Feb 24, 2014 at 05:53:58PM +, Ian Jackson wrote:
Are we now at the stage where it is more important to retire these
shortish keys, than to insist on this
On Thu, Feb 27, 2014 at 11:08:43AM +, Sune Vuorela wrote:
On 2014-02-27, Yves-Alexis Perez cor...@debian.org wrote:
Well, a quick grep on the result shows that of those 652 uploads done
using 1024b keys, only half of them were made since the beginning of
2013. 327 have been done
10 matches
Mail list logo