Rotating the dev GPG key

gnustep-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Rotating the dev GPG key

From:	Ivan Vučica
Subject:	Rotating the dev GPG key
Date:	Sun, 21 Mar 2021 23:37:31 +0000

Hi all,

We are still using a non-expiring 1024-bit DSA key to sign our
releases. If we're spending time on signing the releases in the first
place, this seems a bit silly.

I propose we phase out this key; after this batch of releases, we
should use it to sign a new key and then discontinue its use. I am not
sure whether to suggest revocation, or setting some short expiration
date.

If we agree to do that, I can do this, and coordinate delivering the
new key(s) to maintainers off-list. If I am generating the new key,
I'd also sign the key with my personal key, which has some
FOSDEM-signing-party signatures on it.

Let me know what you think.

[Prev in Thread]

Current Thread

[Next in Thread]

Rotating the dev GPG key, Ivan Vučica <=

Prev by Date: Re: GNUstep releases this month?
Next by Date: Re: GNUstep releases this month?
Previous by thread: Where do we ingest bugreports?
Next by thread: Re: GNUstep on Windows using Clang + MSVC ABI
Index(es):
- Date
- Thread