The procedure to upload new keys is described here https://www.gnu.org/prep/maintain/maintain.html
If in doubt contact the GNU administrators. Best regards Heinrich Schuchardt http://www.xypron.de Am 23.01.17 um 10:25 schrieb Andrew Makhorin > Hi Heinrich, > > > you are using a 1024 bit key for signing GLPK distribution tar balls. > > > > 1024 bit is no longer considered safe. Cf. > > http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf > > > > Furthermore you are using SHA-1 for signing. > > SHA1 is also regarded as unsafe. > > > > Please, create a signing key of at least and cross sign it with your old > > 1024 bit key. You might use SHA-256 for signing. > > > > Thanks for information. However, I follow the instruction for GNU > maintainers, which requires a certain procedure to upload the tarballs > to the main ftp site: > > For each upload destined for ftp.gnu.org or alpha.gnu.org, > three files (a triplet) need to be uploaded via ftp ... > > (1) File to distributed (eg. foo.tar.gz) > > (2) Detached GPG binary signature for (1) (using gpg -b) > (eg. foo.tar.gz.sig) > > (3) Clearsigned "directive" file (using gpg --clearsign) > (eg. foo.tar.gz.directive.asc) > > I cannot change my gpg keys, because this would invalidate my signature > recognized at GNU. > > > Best regards, > > Andrew Makhorin _______________________________________________ Help-glpk mailing list Help-glpk@gnu.org https://lists.gnu.org/mailman/listinfo/help-glpk
