Jonathan McDowell writes ("Re: State of the debian keyring"):
> On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote:
>  * The new key must be signed by the old key that is being replaced.
> 
>  * The new key must be signed by 2 other keys that are present in the
>    Debian keyring.

Are we now at the stage where it is more important to retire these
shortish keys than to insist on these cross-signatures?

I.e., perhaps it would be better to invite key rollover from a short
key to a long one despite the lack of 2 other DD signatures; or
perhaps even despite the lack of _any_ other DD signatures.

Instead, the keyholder could perhaps present a signed key transition
document.

A downside is that we would probably have to keep the rolled-over
short keys somewhere, at least to maintain the integrity of our
records of why a key is in the keyring.

Ian.

