On Thu, Feb 27, 2014 at 01:18:58PM +0000, Ian Jackson wrote:
> Jonathan McDowell writes ("Re: State of the debian keyring"):
> > On Mon, Feb 24, 2014 at 05:53:58PM +0000, Ian Jackson wrote:
> > > Are we now at the stage where it is more important to retire these
> > > shortish keys, than to insist on this cross-signatures ?
> ...
> > I'd rather avoid this if possible, but it's something I'd be prepared to
> > consider for those who really can't manage to any another signature.
>
> So you have answered my question with "no".

Actually, that's not what he replied. You asked whether to choose between
Scylla and Charybdis, and Jonathan just replied that Charybdis wasn't a
really good option but would there be no other choice, in specific
situation, he'd be prepared to do that. That's very different than “no”.

> I conclude that this
> weak keys problem is not all that urgent, in your opinion. I'll stop
> worrying about it too much.

*sighs*

Considering you already have a 2048R master key, sure, you can stop
worrying for now (I'm unsure why you chose not to directly have a 4096R
one, but eh). That won't actually stop me worrying for the rest of the
Debian keyring, because only one compromised key is enough, and
cryptography is really a field where you prefer to be safe than sorry.

Regards,
-- 
Yves-Alexis Perez

