Re: State of the debian keyring

2014-02-24 Thread Peter Palfrader
On Mon, 24 Feb 2014, Ian Jackson wrote: > Gunnar Wolf writes ("Re: State of the debian keyring"): > > Our tools (and I don't only mean keyring-maint, but our projectwide > > tools) support only one key per person. And frankly, I do not see a > > case where adding a second one would increase securi

Re: State of the debian keyring

2014-02-24 Thread Russ Allbery
Marco d'Itri writes: > If anybody disagrees then please describe a credible threat model in > which: > - an entity would want to have access to the key of a DD, and > - would find brute forcing a 1024 bit key more practical than > stealing it or coercing a developer to disclose it. Brute-forc

Re: State of the debian keyring

2014-02-24 Thread Marco d'Itri
enr...@enricozini.org wrote: >It also took me a long while to switch because I didn't understand that >it was already this urgent, Because unless you are paranoid, then it is not. If anybody disagrees then please describe a credible threat model in which: - an entity would want to have access to t

Re: jessie doubt debian

2014-02-24 Thread Ben Hutchings
On Mon, 2014-02-24 at 12:46 -0300, Robson LAURINDO CACHOEIRA wrote: > Well I wonder, why in the Debian testing (jessie), I can not go back > to previous page with Backspace, as it did previously. If you're using Iceweasel/Firefox, see: http://kb.mozillazine.org/Browser.backspace_action > This ha

Re: State of the debian keyring

2014-02-24 Thread Matthias Urlichs
Hi, Brian Gupta: > weak key. We would allow DDs to use the new strong key to do their > work for a limited period of time, while they seek the required two DD > signatures. (Say 12 months, but this is fungible.) I am proposing a > role key, so it doesn't get confused with "real sigs" and we can >

Re: State of the debian keyring

2014-02-24 Thread Jonathan McDowell
On Mon, Feb 24, 2014 at 05:53:58PM +, Ian Jackson wrote: > Jonathan McDowell writes ("Re: State of the debian keyring"): > > On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote: > > * The new key must be signed by the old key that is being replaced. > > > > * The new key must be signed

Re: State of the debian keyring

2014-02-24 Thread Stefano Zacchiroli
On Mon, Feb 24, 2014 at 08:28:53PM +0100, Enrico Zini wrote: > I think it would be useful to see an update to debian-devel-announce, > explaining what's the current vulnerability status of 1024bit keys, and > asking to please switch NOW. > > As a potential follow-up plan, I propose this one: Seco

Re: State of the debian keyring

2014-02-24 Thread Raphael Hertzog
On Mon, 24 Feb 2014, Ian Jackson wrote: > It can increase security because it can make operations more > convenient at the same level of security, and because people trade off > convenience for security. > > For example, it would be possible to have one key for email encryption > and a different (

Re: State of the debian keyring

2014-02-24 Thread Enrico Zini
On Sun, Feb 23, 2014 at 05:46:53PM +0300, Cyril Brulebois wrote: > (It took me like 4 years to switch to my current 4k key, partly because > I didn't feel the urge to switch, and partly because I would have hated > wasting your time with a malformed request.) It also took me a long while to switc

Re: GR proposal: code of conduct

2014-02-24 Thread Brian Gupta
On Mon, Feb 24, 2014 at 1:01 PM, Ian Jackson wrote: > Sune Vuorela writes ("Re: GR proposal: code of conduct"): >> Much of IRC is semiprivate chatter and socializing and not really >> something that should be available to the wider public. > > I don't think this is realistic for channels which an

Re: State of the debian keyring

2014-02-24 Thread Brian Gupta
On Mon, Feb 24, 2014 at 11:35 AM, Lucas Nussbaum wrote: > Hi, > > On 22/02/14 at 20:57 -0500, Andrew Starr-Bochicchio wrote: >> Has there been any analysis of how active the developers are? I'd >> hazard to guess that a good number should be moved to emeritus status. >> Perhaps we should do a ping

Re: GR proposal: code of conduct

2014-02-24 Thread Ian Jackson
Sune Vuorela writes ("Re: GR proposal: code of conduct"): > Much of IRC is semiprivate chatter and socializing and not really > something that should be available to the wider public. I don't think this is realistic for channels which anyone in the world can join. There are no doubt many people

Re: State of the debian keyring

2014-02-24 Thread Ian Jackson
Gunnar Wolf writes ("Re: State of the debian keyring"): > Our tools (and I don't only mean keyring-maint, but our projectwide > tools) support only one key per person. And frankly, I do not see a > case where adding a second one would increase security. Yes, it could > make the transition a little

Re: State of the debian keyring

2014-02-24 Thread Ian Jackson
Jonathan McDowell writes ("Re: State of the debian keyring"): > On Sun, Feb 23, 2014 at 02:10:12PM +0800, Paul Wise wrote: > * The new key must be signed by the old key that is being replaced. > > * The new key must be signed by 2 other keys that are present in the >Debian keyring. Are we n

Re: State of the debian keyring

2014-02-24 Thread Lucas Nussbaum
Hi, On 22/02/14 at 20:57 -0500, Andrew Starr-Bochicchio wrote: > Has there been any analysis of how active the developers are? I'd > hazard to guess that a good number should be moved to emeritus status. > Perhaps we should do a ping of developers with 1024 bit keys? I've done a quick hack using

jessie doubt debian

2014-02-24 Thread Robson LAURINDO CACHOEIRA
Well I wonder, why in the Debian testing (jessie), I can not go back to previous page with Backspace, as it did previously. This happened after an upgrade, and the problem is that I can not also enroll in the Debian forum. I thank you, and excuse my English. I'm Brazilian. Sincerely.

Re: GR proposal: code of conduct

2014-02-24 Thread Sune Vuorela
On 2014-02-24, Paul Wise wrote: > That would be nice, the IRC channels are currently a big back-channel > that hides a bunch of useful information from the wider public. Much of IRC is semiprivate chatter and socializing and not really something that should be available to the wider public. It

Re: GR proposal: code of conduct

2014-02-24 Thread Paul Wise
On Thu, Feb 13, 2014 at 5:48 AM, Stefano Zacchiroli wrote: > For IRC it's a bit more difficult, because we do not log our IRC > channels by default (or at least I'm not aware we do), with the > exception of meetings run with the help of meetbot. ... > i.e. publicly log our IRC channels. That wou