Gunnar Wolf <[email protected]> writes: > Brian Nelson dijo [Wed, Nov 12, 2014 at 05:09:02PM -0500]: >> >> Wouldn't it make more sense to ask these people privately what is getting >> >> in >> >> the way of a switch to a stronger key? >> > >> > They have been asked. Repeatedly. >> >> I haven't been asked. I've received a few reminders that I need a new >> key with signatures, but I haven't been asked why I haven't submitted a >> new key yet. > > Right. Precise definitions. You are right — Although we have been > slowly but steadily insisting (at least since 2010, when we announced > at DebConf10 we had removed the last 17 remaining PGPv3 keys) that > 1024D keys were no longer considered long-term trusty and urged > everybody to start updating to a >=2K key. > > But, as you are asking, you got me curious :) Why haven't you started > migrating to a new key?
Well I have a new key but it doesn't have any signatures on it other than my own, and I haven't encountered another developer in years to have it signed. I've been listed on https://wiki.debian.org/Keysigning/Offers for years (two locations in two different U.S. states, even) but have never been contacted for a keysigning. I'm not overly far from other developers--Boston is about a 2 hour drive away--but with general busyness from having a family, I haven't found a chance to try to meet people in Boston. The boston-debian-soc mailing list being down for years doesn't help, either. It's not a very interesting story. It's more about being inconvenient than insurmountable. I've just been hoping some opportunity would present itself for an easy keysigning, but that hasn't happen yet. -- Captain Logic is not steering this tugboat. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
