The bitlength should be 4096 (https://wiki.debian.org/Keysigning). I do not have any immediate idea. The Debian developer keys should be distributed already with our users, so I guess they could verify the package if I or Petter signs it. Also, I read about a repository signed by multiple keys, but have not found any further respective instructions - guess something like https://stackoverflow.com/questions/37725969/several-pgp-signatures-for-one-file which if that works possibly maintains compatibility for ealier releases of Debian.
There may not be a way around creating a new LinuxCNC repository key. I suggest to sign that key with the old key and have it on various keyservers and/or our website. With Petter and me signing that key, I guess that key will then be trusted. Best, Steffen > Gesendet: Montag, 29. September 2025 um 13:27 > Von: "andy pugh" <[email protected]> > An: "EMC developers" <[email protected]> > Betreff: [Emc-developers] Archive Signing Key > > It appears that Trixie rejects the current archive signing key > (elg2048) as not secure enough. > > I could, in theory, generate a new key and re-sign the archive, > > But then all our existing user base would have an installed key that > does not work. > > Does anyone who knows more about archive signing keys than me have any > thoughts on how to proceed? > > (To know more than me you only need to know more than I have put in > the email above, I have just been blindly signing the repo with the > key that Seb gave me) > > -- > atp > "A motorcycle is a bicycle with a pandemonium attachment and is > designed for the especial use of mechanical geniuses, daredevils and > lunatics." > — George Fitch, Atlanta Constitution Newspaper, 1912 > > > _______________________________________________ > Emc-developers mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/emc-developers > _______________________________________________ Emc-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/emc-developers
