On Sun, Feb 23, 2014 at 05:46:53PM +0300, Cyril Brulebois wrote: > (It took me like 4 years to switch to my current 4k key, partly because > I didn't feel the urge to switch, and partly because I would have hated > wasting your time with a malformed request.)
It also took me a long while to switch because I didn't understand that it was already this urgent, so my mode of operation was "let's collect sigs for the time being, and switch when I hear another call". I think it would be useful to see an update to debian-devel-announce, explaining what's the current vulnerability status of 1024bit keys, and asking to please switch NOW. As a potential follow-up plan, I propose this one: After a month or two, we can start mailing people directly, starting from the most active, asking why they haven't migrated yet, and asking them to please tell others to migrate if they see a 1024 key around. After another month or two, we can start taking keys off the keyring, starting from the less active people, and announcing each batch of removed keys to d-d-a. Ciao, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enr...@enricozini.org>
signature.asc
Description: Digital signature
