5 years ago we started to get worried about the strength of the OpenPGP keys. In May 2009 I stated in a mail to d-d-a[0] that as a project we should be making an orderly move towards stronger keys but not at the expense of our Web of Trust.
In September 2009 I reminded[1] people to ensure their new keys had a reasonable number of signatures before requesting replacement.
On October 1st 2010 we stopped[2] accepting new keys that were smaller than 2048 bits to the Debian keyrings.
This year, in March[3], we stated that while we were not yet doing a mass removal we were aggressively deprecating the use of 1024 bit keys.
Earlier this week I sent emails directly to the 650+ Debian Developers and Debian Maintainers who still have keys less than 2048 bits in our keyrings. This informed them that their key will be removed from the relevant keyring at the end of the year (31st December 2014).
I am pleased to report that we have already seen 40+ requests for replacement submitted to RT as a result, and expect to see more during the weeks after DebConf. I would ask that DDs make some effort to help those with weak keys get their new, stronger keys signed. Please sign responsibly[4], this is an opportunity for us to improve our web of trust.
J, on behalf of keyring-maint.
[0] https://lists.debian.org/debian-devel-a ... 00005.html
[1] https://lists.debian.org/debian-devel-a ... 00011.html
[2] https://lists.debian.org/debian-devel-a ... 00003.html
[3] https://lists.debian.org/debian-devel-a ... 00003.html
[4] http://xkcd.com/364/
--/-\ | We fear change. |@/ Debian GNU/Linux Developer | \- |
DD Keys
- craigevil
Raspberry PI 400 Distro: Raspberry Pi OS Base: Debian Sid Kernel: 5.15.69-v8+ aarch64 DE: MATE Ram 4GB
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list