On Mon, Jan 31, 2011 at 01:49:26PM -0500, Theodore Ts'o wrote: > If you are signing keys where you've verified the identity of fellow > Debian developers at a key signing party, please do us all a favor and > don't just sign it with your brand-new key --- but *also* sign the DD's > key with whatever key you you currently have currently in the Debian > keyring.
As I've been recently hit by this gotcha and as a memo for others, note that if you are using caff, the following is *not* enough to fulfill the above requirement: zack@usha:~$ grep keyid .caffrc $CONFIG{'keyid'} = [ qw{D5CA9B04F2C423BC 9C31503C6D866396} ]; you also need something like: zack@usha:~$ grep keyid .caffrc $CONFIG{'local-user'} = [ qw{D5CA9B04F2C423BC 9C31503C6D866396} ]; ... or you need to remember passing "-u $KEYID,$OLDKEYID" to caff (yes, I've defined the two environment variable for the transition period and they come pretty handy). Cheers PS too bad LCA's signing party was at the same time of Tridge's talk :-( -- Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7 zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/ Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere ti resta John Fante -- V. Capossela .......| ..: |.......... -- C. Adams
signature.asc
Description: Digital signature