On Sun, Oct 06, 2013 at 01:21:50PM +, Thorsten Glaser wrote:
I assume Asheesh generated
the newer key to have the same ID as the older – not nice…
Yes, http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
On Sun, 06 Oct 2013, Thorsten Glaser wrote:
Ah actually this is because 70096AD1 is not unique, and
Zack has signed both of them. (I assume Asheesh generated
the newer key to have the same ID as the older – not nice…
Actually, yes, it is quite nice. Otherwise, all sorts of bugs related to
this
Stefano Zacchiroli dixit:
The more useful question is how many of the signatures on your new key
come from strong keys, and how many strong keys have you signed with
that new key?
Right. If you happen to have a oneliner to verify that I'll be happy to
answer these questions :)
Not exactly
Dixi quod…
got 328 signatures in total, 319 keys signed in total
expect this to be 329 and 319, respectively
Ah actually this is because 70096AD1 is not unique, and
Zack has signed both of them. (I assume Asheesh generated
the newer key to have the same ID as the older – not nice…
but the
Moin!
Stefano Zacchiroli z...@debian.org writes:
The more useful question is how many of the signatures on your new key
come from strong keys, and how many strong keys have you signed with
that new key?
Right. If you happen to have a oneliner to verify that I'll be happy to
answer these
On Sat, Oct 5, 2013 at 1:41 PM, Gunnar Wolf wrote:
In addition to Paul's numbers, we have also the DM keyring, which is
in a much better shape quite probably because it's much newer.
Good news.
- Give a suitable time window for the key migration and disable old
keys. Jonathan gave a
On Sat, Oct 05, 2013 at 12:41:41AM -0500, Gunnar Wolf wrote:
Yes, our WoT has naturally weakened due to bitrot
(i.e. cross-signatures made with keys which are later retired might
have created WoT islands), but we do have at least identity
assurance history.
So, I've a question about
On Sat, Oct 05, 2013 at 10:37:40AM +0200, Stefano Zacchiroli wrote:
Oh mighty Debian keyring maintainers and WoT gurus, what do you suggest
to do in this respect? When is the right moment to retire old keys after
migration to stronger ones?
I think that you clearly reached the point where
On Sat, Oct 05, 2013 at 10:37:40AM +0200, Stefano Zacchiroli wrote:
What worries me is that by revoking my old key I'll make the situation
for the WoT worse. Given the current state and evolution trends of WoT,
is it actually the case, as Gunnar hints at above, or not?
OTOH by not retiring
On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote:
Now. If you have a 2048 bit or larger key that has been signed by at
least 2 other DDs but still have a 1024D key in our keyring you should
be filing a request for replacement.
I'm sorry, I realize only now I wasn't clear on
On Sat, Oct 05, 2013 at 05:32:18PM +0200, Stefano Zacchiroli wrote:
On Sat, Oct 05, 2013 at 08:17:48AM -0700, Jonathan McDowell wrote:
Now. If you have a 2048 bit or larger key that has been signed by at
least 2 other DDs but still have a 1024D key in our keyring you
should be filing a
It has been considered irresponsible to use 1024D keys at this point in
time.
What are the plans to disable 1024D keys?
If you think SHA1 is still safe, have a look at the SHA1 decrypter tool
at: http://www.md5decrypter.co.uk/sha1-decrypt.aspx
On Sat, Oct 5, 2013 at 7:02 AM, Aníbal Monsalve Salazar wrote:
It has been considered irresponsible to use 1024D keys at this point in
time.
What are the plans to disable 1024D keys?
There are more people using 1024-bit keys than >= 2048-bit keys (in
debian-keyring.gpg), many of these are
Paul Wise p...@debian.org writes:
There are more people using 1024-bit keys than >= 2048-bit keys (in
debian-keyring.gpg), many of these are active developers, some not so
active. It would be a major human resources issue for Debian to disable
all of those keys but I guess it is the only way
Russ Allbery dijo [Fri, Oct 04, 2013 at 08:57:26PM -0700]:
I suspect that some of the problem is people feeling like they need to go
through an in-person key signing to get their new key certified, which can
be quite awkward depending on where one lives and how much day-to-day
contact one has
15 matches