Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Sat, Nov 08, 2014 at 10:19:02PM +0100, Richard Hartmann wrote:
> That seems to have happened in similar form a few times already; given the context, it's reasonable to expect them to poke -project, -private, or just anyone on their own.

I know at least one of the people listed who is already taking action, currently managed to get one DD signature (me) and several other paths to the strongly connected set, and will probably wait until closer to the deadline to do the key update, hoping for opportunities for more DD sigs.

Therefore I would not claim that all of the people listed there are sitting there doing nothing. I like that Jonathan's mail was worded as an invitation to offer help.

Enrico

--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini enr...@enricozini.org

Re: Reminder: Removing 2048 bit keys from the Debian keyrings
On Sat, Nov 08, 2014 at 08:25:58PM +0100, Marco d'Itri wrote:
> On Nov 08, Jonathan McDowell nood...@earth.li wrote:
> > Back in August I sent notification[0] about the fact that we will be removing all keys less than 2048 from our keyrings at the end of the year (31st December 2014). Sadly the response to this has been slower than expected, and we still have about 439 keys that require replacement.
>
> So the plan is that the beatings will continue until morale improves?

I am sorry you and those developers who have emailed me privately to complain feel like I am engaging in some form of punishment or naming and shaming. I deliberately did not include the list of affected contributors in my August mail, despite being asked to by several people. At this point I'm now trying to make sure that absolutely no one can claim that they were not warned about the forthcoming key removals; I have also been criticised for having too soft an approach up to this point, such that several people have felt that the first warning they had that the project was phasing out shorter key lengths was the August mail.

To reinforce Enrico's mail, I'm well aware that there are people on the list who are valiantly trying to get the signatures they need on new keys, and have had legitimate issues with getting them. I ask the project to help them where possible.

J.

--
101 things you can't have too much of : 19 - A Good Thing.

Re: Reminder: Removing 2048 bit keys from the Debian keyrings
nood...@earth.li wrote:
> I am sorry you and those developers who have emailed me privately to complain feel like I am engaging in some form of punishment or naming and shaming.

No, I do not think that there is anything wrong with publishing their names.

What I feel is that this new policy of removing the shorter keys in such a timeframe, other than not being justified by the actual security risks, is failing to achieve the results desired (still many people have not replaced their key) but no actions are being taken to correct it.

--
ciao,
Marco