[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Rotating the dev GPG key
From: |
Ivan Vučica |
Subject: |
Rotating the dev GPG key |
Date: |
Sun, 21 Mar 2021 23:37:31 +0000 |
Hi all,
We are still using a non-expiring 1024-bit DSA key to sign our
releases. If we're spending time on signing the releases in the first
place, this seems a bit silly.
I propose we phase out this key; after this batch of releases, we
should use it to sign a new key and then discontinue its use. I am not
sure whether to suggest revocation, or setting some short expiration
date.
If we agree to do that, I can do this, and coordinate delivering the
new key(s) to maintainers off-list. If I am generating the new key,
I'd also sign the key with my personal key, which has some
FOSDEM-signing-party signatures on it.
Let me know what you think.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Rotating the dev GPG key,
Ivan Vučica <=