Jonathan McDowell writes ("Re: State of the debian keyring"): > On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote: > * The new key must be signed by the old key that is being replaced. > > * The new key must be signed by 2 other keys that are present in the > Debian keyring.
Are we now at the stage where it is more important to retire these shortish keys, than to insist on this cross-signatures ? I.e., perhaps it would be better to invite key rollover from a short key to a long one despite the lack of 2 other DD signatures; or perhaps even despite the lack of _any_ other DD signatures. Instead, the keyholder could perhaps present a signed key transition document. A downside is that we would probably have to keep the rolled-over short keys somewhere, at least to maintain the integrity of our records of why a key is in the keyring. Ian. -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/21259.34614.519800.702...@chiark.greenend.org.uk