You cannot retrospectively 'upgrade' your key, AIUI, at least.
So you will sadly lose all your signatures as you will need a new
key. Thankfully I created mine with a 4096 key length so I'm ok, but
I get impression many folks wont be.
Get your key created now, and at Apachecon we will have to have a
large key signing party. :)
Tony
On 11 Aug 2009, at 15:09, Rich Bowen wrote:
Is it possible to regenerate my gpg key without losing all the
signatures on my existing key? I presume not, but perhaps there's
something I'm missing. I have a 1024 bit key, and would like to be
like the cook kids, but not lose ten years of signatures.
On Aug 11, 2009, at 08:39, Robert Burrell Donkin wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
with ApacheConUS only three months away, we really need to start
planning how apache can move away from short keys (DSA and RSA <
2048)
and weak WOT links (SHA-1)[1]. the consensus on infra was that this
is
the best list for this discussion. if it happens to get too busy
then a
new list can be created.
the first step needs to be updating the documents so that new release
managers know how to set up and use GnuPG[2] to generate keys
unlikely
to need changing in the next couple of years. i'll start a thread
over
on site dev to cover this.
the first question for discussion is recommended key length. 2048
is the
minimum safe size for new keys but only just. for keys used to sign
releases, 4096 is more credible today. 8192 bit keys are possible
with
GnuPG[3] but are fiddly and - in older tools - support may be patchy.
going for 4096 would mean a second transition before 2015 but the
next
generation (SHA-3 and next generation of OpenPGP) should be
available by
then.
consensus on infra was to go for 4096 but if anyone knows any good
reasons to go for some other value, please jump in.
- - robert
[1]
http://www.jroller.com/robertburrelldonkin/entry/release_distribution_renewing_the_web
[2] http://www.gnupg.org
[3] http://www.jroller.com/robertburrelldonkin/entry/gnupg_8192bit_rsa_keys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBAgAGBQJKgWaEAAoJEHl6NpRAqILLzzQP/RI/ZpkauHrLMzW48lNRsmUc
h9a4HJ1WXL6eESSbJK9rawPxrAvG/p3rbH3TTixIkwLPz8BQDuG8kxmTHn8LDlGg
/YLZbDtgFpF3SElGn1MbzldI48DTgw/JXa4opVHi/gvSAoA72+P7td5D12YiA+6R
Urr6I8hcDOdHRfDsXPHbu5MLh4S//vVgrdOXahLqwzwJK0GCdsjJ88RGJgPXrWfH
abfzKY3jGUheLtIJUbQiMI2IKA5VrCK+WMXoWxnqnnxL6JDQUGXfpai5dxoRy22D
wcv6UN+FIUF8OCBymYRXMcngwczYDkYkUyrVEjOSlnmtC4rHKq/wZGtn3VJGSCEf
hLoSC+aZ+HLHxK5pA0ZxRs4IFhMtTijV5ng6VA1aOPW0N1ySIUd7fgAO7QpksCcL
84LZMAzstH48Ce2Zzrj8oJ5NLYIR531Mh0C7N/JRkUdPLTXDByvXBTJ9uRXoRw6v
a1IexoewUxXfAcR2Yi0lVtkL9ZBVWMm/caXpSqLHKxFvQND71dWg+7UsfJR057c3
CP5bwJIp4dANLOeYa6kj07b+Xu2ZutKBAdZWSH/u3lx1Grh3apq1gbGmdoyKyLyj
d4px2wyB6oWS5C3ZEdAG8oy9QC1LERgnqTt7kMGMNl5j8E1AAMsPTw7laULss1S1
itF2Nys9bJZA1dfQTx7B
=w79Q
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscr...@apache.org
For additional commands, e-mail: community-h...@apache.org
--
If you miss this moment
You miss your life
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscr...@apache.org
For additional commands, e-mail: community-h...@apache.org
Cheers,
Tony
--------------------------------------------
Tony Stevenson
t...@pc-tony.com - pct...@apache.org
pct...@freenode.net - t...@caret.cam.ac.uk
http://blog.pc-tony.com
1024D/51047D66 ECAF DC55 C608 5E82 0B5E
3359 C9C7 924E 5104 7D66
--------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscr...@apache.org
For additional commands, e-mail: community-h...@apache.org
