On Mon, Feb 24, 2014 at 08:28:53PM +0100, Enrico Zini wrote: > I think it would be useful to see an update to debian-devel-announce, > explaining what's the current vulnerability status of 1024bit keys, and > asking to please switch NOW. > > As a potential follow-up plan, I propose this one:
Seconded. If I'm reading Clint's reports right, the aspect that worries me the most is that in 1 month (the delay between the two reports) we've only got 10 additional 4K keys, which is a very slow progress rate. I agree with Enrico that the next step is communicating clearly to project members the *urge* of switching, and I also agree that we should actively nag people to do the switch. Regarding the doc on the migration, I don't have clear proposals on how to make it better, but I AOL other comments in this thread: I've been misreading the text myself for quite a while (or maybe it did change and I didn't notice? no idea) as mandating a third-party to request the change. And I've been chatting with various DDs over time who were postponing the change due to that extra step --- yes, I agree that's a silly reason, but given the urge of migrating I think we should make the procedure as simple as possible and make sure that people *know* it is simple. Just my 0.02 EUR, Cheers. -- Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
signature.asc
Description: Digital signature
