https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6223
Summary: distro signing key is unsafe
Product: Spamassassin
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Building & Packaging
AssignedTo: [email protected]
ReportedBy: [email protected]
http://www.apache.org/dev/release-signing.html notes:
'Committers with a DSA key or an RSA key of length less than 2048 bits should
generate a new key for signing releases. The original key does not need to be
revoked yet.'
Our sa-update signing key is 4096-bit RSA, but
http://www.apache.org/dist/spamassassin/KEYS uses a 1024-bit DSA key :(
http://www.apache.org/dev/key-transition.html details what we need to do.
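
The rule quoted in the report can be checked mechanically against a keyring file. This is an added example, not part of the original bug report or of SpamAssassin's tooling: it reads a `gpg --with-colons` listing and flags any DSA key or RSA key shorter than 2048 bits. The function names `audit_keys` and `sample_listing` are hypothetical, and the sample key IDs are constructed placeholders, not the project's real keys.

```shell
#!/bin/sh
# Flag keys that the quoted ASF rule says should be replaced:
# any DSA key, or an RSA key of length less than 2048 bits.
#
# Real use (needs GnuPG 2.x):
#   gpg --show-keys --with-colons KEYS | audit_keys
#
# Colon-listing fields used here:
#   1 = record type (pub/sub), 3 = key length in bits,
#   4 = OpenPGP algorithm id (1,3 = RSA; 16 = Elgamal; 17 = DSA), 5 = key id

audit_keys() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            len = $3 + 0; algo = $4 + 0; id = $5
            if (algo == 17)
                printf "WEAK %s %s DSA-%d\n", $1, id, len
            else if ((algo == 1 || algo == 3) && len < 2048)
                printf "WEAK %s %s RSA-%d\n", $1, id, len
            else
                # Not flagged by the quoted rule (which only names DSA and short RSA).
                printf "OK   %s %s algo=%d bits=%d\n", $1, id, algo, len
        }'
}

# Constructed sample listing (placeholder key IDs and dates).
sample_listing() {
    cat <<'EOF'
tru::1:1262304000:0:3:1:5
pub:-:1024:17:1111111111111111:1000000000:::-:::scESC:
uid:-::::1000000000::0000::Old Release Key (constructed sample)::::::::::0:
sub:-:2048:16:2222222222222222:1000000000::::::e:
pub:-:4096:1:3333333333333333:1200000000:::-:::scESC:
uid:-::::1200000000::0000::Update Signing Key (constructed sample)::::::::::0:
pub:-:1024:1:4444444444444444:1100000000:::-:::scESC:
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_listing | audit_keys
```

Non-key records (`tru`, `uid`) are ignored, and the Elgamal encryption subkey is reported as not flagged because the quoted rule covers only signing-capable DSA and RSA keys.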