On Sun, Feb 23, 2014 at 12:49:37PM -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 23 Feb 2014, Jonathan McDowell wrote:
> > * Requests need to include the full fingerprint of both the old and the
> >   new key. Not just the key IDs. Not just the new key. We want to be
> >   absolutely certain of what you're requesting replaced. I quite like
> >   seeing the actual "gpg --fingerprint" output for both keys because it
> >   tends to be quite easy to visually verify.
> >
> > * The new key must be signed by the old key that is being replaced.
> >
> > * The new key must be signed by 2 other keys that are present in the
> >   Debian keyring.
> >
> > * The request must be signed by the old key. Signing the request with
> >   the new key alone is not helpful - requests must always be signed by
> >   a key that is currently in the active keyring. Signing it with both
> >   is fine, but not required.
> >
> > * You should specify *why* you want to replace your key. Knowing that
> >   it's because you're moving to a stronger key rather than because your
> >   old key is compromised / unavailable / on fire helps us prioritise
> >   things.
>
> This is not what is written here:
> http://keyring.debian.org/replacing_keys.html
>
> Please update that page. In particular, it *requires* a third party to
> request the key swap on your behalf.

Paragraph 2 on that page states:

| If key X is still valid then Alice may sign the request using that key,
| but must ensure key Y is signed by key X as well as at least 2 other
| active Debian developers whose keys are in the keyring.

What would you suggest as alternative wording which is clearer?

J.

-- 
Replace repetitive expressions by calls to a common function.
This .sig brought to you by the letter M and the number 35
Product of the Republic of HuggieTag
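
An added example, not part of the original message and not keyring-maint's own tooling: a pre-flight check of the two signature rules quoted above (new key signed by the old key, plus 2 other keys in the keyring), run over constructed `gpg --with-colons --check-sigs` output. All key IDs, names and the function names are made up for illustration; signature records carry the signer's long key ID, so the check compares key IDs, and the request itself still needs the full fingerprints.

```python
# Constructed long key IDs (16 hex digits); none of these are real keys.
NEW, OLD = "A" * 15 + "1", "B" * 15 + "0"
BOB, CAROL, DAVE = "C" * 15 + "2", "E" * 15 + "4", "D" * 15 + "3"

# Constructed stand-in for `gpg --with-colons --check-sigs <new key>` output.
# Field 2 is "!" when gpg verified the signature, "?" when it could not.
SAMPLE = "\n".join([
    f"pub:-:4096:1:{NEW}:1393000000:::-:::scESC:",
    "uid:-::::1393000000::::Alice Example <alice@example.org>:",
    f"sig:!::1:{NEW}:1393000000::::Alice Example <alice@example.org>:13x:",
    f"sig:!::1:{OLD}:1393000100::::Alice Example <alice@example.org>:10x:",
    f"sig:!::1:{BOB}:1393000200::::Bob Example <bob@example.org>:10x:",
    f"sig:?::1:{DAVE}:1393000300::::[User ID not found]:10x:",
    f"sig:!::1:{CAROL}:1393000400::::Carol Example <carol@example.org>:10x:",
])

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification signature types


def verified_certifiers(colons_output):
    """Long key IDs whose certification on the listed key gpg verified."""
    signers = set()
    for line in colons_output.splitlines():
        f = line.split(":")
        if len(f) > 10 and f[0] == "sig" and f[1] == "!" and f[10][:2] in CERT_CLASSES:
            signers.add(f[4].upper())
    return signers


def check_replacement(colons_output, old_id, new_id, keyring_ids):
    """Apply the two signature rules from the message to the new key."""
    signers = verified_certifiers(colons_output) - {new_id}  # drop self-signature
    others = sorted((signers & set(keyring_ids)) - {old_id})
    signed_by_old = old_id in signers
    return {"signed_by_old": signed_by_old, "other_keyring_sigs": others,
            "ok": signed_by_old and len(others) >= 2}


if __name__ == "__main__":
    # keyring_ids is an assumed set of key IDs taken from the active keyring.
    print(check_replacement(SAMPLE, OLD, NEW, {OLD, BOB, CAROL, DAVE}))
```

The signature marked "?" is not counted even though its key ID is in the keyring set, because gpg could not verify it.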