[Please CC me on replies and keep discussion on d-release regardless of how you received the mail]
Hi, SRM is considering using an ed25519 GPG key for bookworm. Does anyone see any issues with that? We've tested merging signatures from a (different) ed25519 key and an RSA key using dak's "gpg-merge-signatures" script, and gpgv is happy to verify the result on an oldoldstable (Debian 9 / stretch) system. We know that GPG(V) 1.X can't handle EC keys, which means that the signatures won't be verifiable on jessie. jessie is still supported externally via ELTS, but I don't know that anyone's trying to use it to verify signatures from bookworm. Thanks, Adam
