It’s been a few months, various things have happened and so it’s
probably time for another keyring-maint update.
New keyring-maint member
First up I’d like to welcome Gunnar Wolf to keyring-maint. I’ve been
aware for some time (and if I hadn’t been there were plenty of people
reminding me that with just one person working on it keyring was at
risk of becoming a bottleneck, so I took the opportunity at DebConf to
have a few discussions about people who could possibly help out. Gunnar
has foolishly^Wgraciously stepped up to the plate and has been putting
up with various brain dump emails from me about how things work. The
plan is we’ll get these tidied up and made public for reference, but at
present we’re working on getting him fully up to speed as a priority.
(If you weren’t at DebConf you can see how it happened at .)
PGPv3 removal continues
I mentioned back in May that I’d started chasing DDs with both v3 and
v4 keys in our keyrings about removing the v3 keys. Many people
responded and confirmed it was ok to remove the v3 key immediately. A
few stragglers wanted to hold off and check things out. And
unfortunately a few failed to reply to repeated mails and I submitted
them to the MIA team for investigation. I’ve now extended my reach to
all remaining v3 keys, asking people if they have a suitable v4 key and
pointing them at instructions for creating a new one if not. We’re down
to 58 v3 keys; if you’re one of them and haven’t reply to my mail please
do so. It would be great if we could get rid of them all by Christmas.
SHA2 capable key replacements
Various key updates have been trickling in (moreso post DebConf)
updating keys to be SHA2 capable. I’ve been pushing back a bit on those
keys that aren’t particularly well signed and so far I think the WoT is
keeping reasonably strong. Please do make an effort to try and get you
key as well signed as possible before requesting replacement.
DM keyring added to keyring.debian.org
Another positive thing to come from discussions at DebConf was moving
the Debian Maintainers keyring to be part of keyring.debian.org. This
means it is distributed around the debian.org infrastructure in the same
way as the DD keyring. The FTP masters have already taken advantage of
this by enabling DM uploads on various extra upload queues. Decisions
about DMs are still made by the DM admin team; keyring-maint is merely
responsible for acting on their requests to add new keys.
— I am afraid of the dark. This .sig brought to you by the letter L and the number 10 Product of the Republic of HuggieTag