Hi Antoine, > I don't think using such throw away keys is a good practice for debian > packages. You can use the "debsign" utility to remotely sign packages > with your local key.
uh, thanks for pointing me to the -r option of debsign. It would have been good to use that, yes. > I would be happy to get your old and new keys, and if you can reupload > your package with that, that would be better. My old key is 0x0A617FF9, and it should be widely available. My new key is 0x72DC07B5, which I have just uploaded to the keyservers. It is signed by my old key, which in turn is signed by several keys in the Debian keyring, so I hope that can establish a chain of trust. I'm a bit short on time atm, but I intend to mail out a proper transition statement and hopefully get a good number of signatures on the new key soon. Finally, I've just re-uploaded irssi-plugin-xmpp/0.52-1 to mentors signed with my new key. Florian -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120513222205.gh19...@zedat.fu-berlin.de
