On Sat, Feb 22, 2014 at 7:35 PM, Gunnar Wolf <[email protected]> wrote:
>> That's still 61.5% that's at 1024 bit. CAs are doing better than
>> this, with only 0.8% of the certificates that are still active
>> being 1024 bit.
>>
>> Can I suggest that everyone that is still using a 1024 bit pgp key
>> generates a new key *now*?
>>
>> The recommended minimum size is at least 2048 bit, but I suggest
>> you go for 4096 bit.
>
> ...And now that you mention this here on the list, we have been
> discussing how to deal with this for keyring-maint¹.
>
> It would clearly be unacceptable for us to decide to lock out 61.5% of
> Debian because of their old key. Also, removing those keys would most
> probably make our WoT much more fragile.
>
> I'd like to ask the project as a whole for input on how we should push
> towards this migration. I guess that most of the socially-connected
> Debian Developers already have 4096R keys. How can we reach those who
> don't? How can we incentivize them to change?
Has there been any analysis of how active the developers are? I'd hazard
to guess that a good number should be moved to emeritus status. Perhaps
we should do a ping of developers with 1024 bit keys?

-- 
Andrew Starr-Bochicchio

Ubuntu Developer <https://launchpad.net/~andrewsomething>
Debian Developer <http://qa.debian.org/developer.php?login=asb>
PGP/GPG Key ID: D53FDCB1

Archive: http://lists.debian.org/CAL6k_Axef15jarUVpbU9WC_pBAGUqTHfJdmeHhUV=ta5rcg...@mail.gmail.com
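The thread asks how to find out which keys in a keyring are still 1024 bit so their owners can be pinged. The following is an added example, not code from this thread or from the keyring-maint team: it parses the machine-readable output of `gpg --list-keys --with-colons` (field layout from GnuPG's DETAILS documentation: record type, validity, key length, algorithm number, key ID, ...) and reports primary RSA/DSA keys below a chosen minimum, plus the share of the keyring they represent. The key IDs, fingerprints and names in the embedded sample listing are constructed, and the `min_bits` threshold and function names are this example's own choices.

```python
"""Audit a GnuPG keyring listing for weak primary keys.

Added example (not from the mailing-list thread). Parses the colon
format produced by `gpg --list-keys --with-colons` and flags RSA/DSA
primary keys shorter than a minimum size.
"""
import subprocess
from dataclasses import dataclass, field

# Public-key algorithm numbers from RFC 4880 section 9.1 (plus GnuPG's EC ids).
ALGO_NAMES = {1: "RSA", 2: "RSA", 3: "RSA", 17: "DSA",
              18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
# Only these algorithms are judged by bit length; EC keys are short by design.
SIZE_GOVERNED = {1, 2, 3, 17}


@dataclass
class PubKey:
    keyid: str
    algo: int
    bits: int
    uids: list = field(default_factory=list)

    @property
    def algo_name(self) -> str:
        return ALGO_NAMES.get(self.algo, f"algo{self.algo}")


def parse_colon_listing(text: str) -> list:
    """Build PubKey objects from `pub` records; attach following `uid` records."""
    keys, current = [], None
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # fields: 0=type 1=validity 2=key length 3=algorithm 4=key ID
            current = PubKey(keyid=f[4], algo=int(f[3]), bits=int(f[2]))
            keys.append(current)
        elif f[0] == "uid" and current is not None:
            current.uids.append(f[9])   # field 10 of a uid record is the user ID
        # fpr/sub/tru records carry nothing needed for a primary-key size audit
    return keys


def weak_keys(keys: list, min_bits: int = 2048) -> list:
    """Primary RSA/DSA keys below min_bits, in listing order."""
    return [k for k in keys if k.algo in SIZE_GOVERNED and k.bits < min_bits]


def weak_fraction(keys: list, min_bits: int = 2048) -> float:
    """Share of all primary keys that are weak (0.0 if the keyring is empty)."""
    return len(weak_keys(keys, min_bits)) / len(keys) if keys else 0.0


def report_lines(keys: list, min_bits: int = 2048) -> list:
    """One human-readable line per weak key: who to ping and why."""
    return [f"{k.keyid} {k.algo_name}-{k.bits} {k.uids[0] if k.uids else '(no uid)'}"
            for k in weak_keys(keys, min_bits)]


# Constructed sample listing in gpg --with-colons format (all values made up).
SAMPLE_LISTING = """\
tru::1:1393099200:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1385213213:::u:::scESC::::::23::0:
fpr:::::::::00000000000000000000000001234567890ABCDEF:
uid:u::::1385213213::0000000000000000000000000000000000000001::Alice Example <alice@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1385213213::::::e::::::23:
pub:u:1024:17:1111222233334444:1009843200:::u:::scaSCA::::::23::0:
uid:u::::1009843200::0000000000000000000000000000000000000002::Bob Legacy <bob@example.org>::::::::::0:
sub:u:1024:16:5555666677778888:1009843200::::::e::::::23:
pub:u:1024:1:9999AAAABBBBCCCC:1100000000:::u:::scESC::::::23::0:
uid:u::::1100000000::0000000000000000000000000000000000000003::Eve Oldkey <eve@example.org>::::::::::0:
pub:u:2048:1:AAAABBBBCCCCDDDD:1262304000:::u:::scESC::::::23::0:
uid:u::::1262304000::0000000000000000000000000000000000000004::Carol Mid <carol@example.org>::::::::::0:
pub:u:256:22:9999000011112222:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::0000000000000000000000000000000000000005::Dan Curve <dan@example.org>::::::::::0:
"""


def live_listing(gpg: str = "gpg") -> str:
    """Fetch the real listing from a local gpg; only used when run as a script."""
    return subprocess.run([gpg, "--list-keys", "--with-colons"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    import sys
    text = live_listing() if "--live" in sys.argv else SAMPLE_LISTING
    keys = parse_colon_listing(text)
    print(f"{len(keys)} primary keys, {weak_fraction(keys):.1%} below 2048 bits")
    for line in report_lines(keys):
        print(" ", line)
```

Run it with no arguments to see the result on the embedded sample, or with `--live` to audit the local keyring. Bumping `min_bits` to 4096 shows who would be affected by the stricter target suggested earlier in the thread; EC keys are deliberately left out of the size check so that a 256-bit EdDSA key is not misreported as weak.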

