commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benedikt Ritter <brit...@apache.org>
Subject Re: Replacing Old Keys (was Re: [VOTE] Release Commons Compress 1.9 Based on RC1)
Date Thu, 09 Oct 2014 17:59:47 GMT
keybase.io also is a nice new tool for sharing keys... although it's not as
good as meeting in public. As for the beer with Emmanuel: Count me in :-)

2014-10-06 17:28 GMT+02:00 sebb <sebbaz@gmail.com>:

> On 6 October 2014 12:26, Stefan Bodewig <bodewig@apache.org> wrote:
> > On 2014-10-06, sebb wrote:
> >
> >> On 6 October 2014 08:16, Stefan Bodewig <bodewig@apache.org> wrote:
> >
> >>>> Just a note on the GPG key, it might be a good idea to upgrade to a
> >>>> stronger one. 1024 bits keys are discouraged nowadays.
> >
> >>>> http://www.apache.org/dev/release-signing
> >
> >>> I know, but leaving behind a key that has accumulated signatures over
> >>> more than ten years is hard ...
> >
> >> I assume that the people who signed your key trust that it is still
> yours.
> >
> >> If you use it to sign your new key, is that not sufficient?
> >
> > Right, at least in a way.
> >
> > If I created a new key and signed it with the old one the WOT would
> > still be there in a transitive way.  But a direct signature conveys more
> > trust (in a GnuPG sense of trust) than a transitive one along the graph.
> >
> > Creating a new key is somewhere down my todo list but I shy away from
> > the hassle of asking all people who signed the old key to also sign the
> > new one so the new one won't be worth less.
>
> What I meant was: the people who signed your current key might be
> prepared to sign your new key without needing to meet in person and
> exchange details. So the effort would be much less than for the first
> signing.
>
> > Stefan
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message