On Fri, 11 May 2012 10:05:47 +0200, Florian Schlichting <fschl...@zedat.fu-berlin.de> wrote: > Hi Antoine, > > thanks for looking at irssi-plugin-xmpp! > > > This is looking good. Is there any way I can get a signed PGP key from > > you to verify this package? At least having the key from a keyserver... > > please find below the gpg key that I used to upload the package to > mentors. It is a key that I created on the fly on a VM I used for > packaging. Since in theory, this VM is accessible to a varying group of > other people, I consider it a "throwaway" key and never uploaded it > to a keyserver. > > I have an old 1024D key, which is even signed by some DDs, and I > recently created a 4096R key (not uploaded yet) which I intend to > transition to, as I understand that going into newmaint requires a > stronger key (or does it?). If you want me to re-upload > irssi-plugin-xmpp to mentors signed with one of those keys, I'd be very > happy to do so (provided mentors will allow me to delete and then > re-upload the same version...)
I don't think using such throw away keys is a good practice for debian
packages. You can use the "debsign" utility to remotely sign packages
with your local key.
I would be happy to get your old and new keys, and if you can reupload
your package with that, that would be better.
Thanks!
A.
--
You Are What You Is
- Frank Zappa
pgpiw0vvliL6a.pgp
Description: PGP signature
