From: | "Paweł Hajdan |
---|---|
To: | gentoo-project@l.g.o |
Subject: | [gentoo-project] let's stop using short gpg key ids, that's insecure |
Date: | Mon, 02 Jan 2012 14:48:03 |
Message-Id: | 4F01C37B.6000305@gentoo.org |
You've probably read (or should)
<http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
which describes why using short gpg key ids is insecure.

Note it's about IDs, i.e. 0x30427902 vs. 0xB9442D9430427902 (it's short
and long ID of my current key), not the keys themselves. That means no
need to change keys, just change the way we display them on web pages
and possibly in other places.

What do you think? Should I file a bug to convert e.g.
http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml ? Or do we
only have short key IDs in LDAP, which would require everyone to submit
the full ID?
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
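
The conversion the message proposes, as an added example that is not part of the original message or of Gentoo's tooling: it finds `0x`-prefixed key IDs in a page and rewrites a short ID to the long form only when exactly one known key matches. The function names, the assumption that IDs are written with a `0x` prefix, and all sample data other than the two IDs quoted in the message are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: IDs are written with a 0x prefix, as in the message.
KEY_RE = re.compile(r"\b0x([0-9A-Fa-f]+)\b")
# Hex lengths: 32-bit short ID, 64-bit long ID, 160-bit v4 fingerprint.
KINDS = {8: "short", 16: "long", 40: "fingerprint"}

def find_key_ids(text):
    """Return (hex, kind) for every 0x-prefixed ID of a known OpenPGP length."""
    found = []
    for m in KEY_RE.finditer(text):
        h = m.group(1).upper()
        if len(h) in KINDS:
            found.append((h, KINDS[len(h)]))
    return found

def index_by_short(full_ids):
    """Map each short ID to the full IDs ending in it.

    For v4 keys the long ID is the low 64 bits of the fingerprint and the
    short ID the low 32 bits, so both are suffixes of the fingerprint."""
    index = defaultdict(set)
    for full in full_ids:
        index[full.upper()[-8:]].add(full.upper())
    return index

def upgrade(text, full_ids):
    """Rewrite short IDs to long IDs when exactly one known key matches.

    Returns (new_text, unresolved); unresolved lists short IDs that match
    no known key or more than one, which need the owner's full ID."""
    index = index_by_short(full_ids)
    unresolved = []
    def repl(m):
        h = m.group(1).upper()
        if len(h) != 8:
            return m.group(0)          # already long ID or fingerprint
        matches = index.get(h, set())
        if len(matches) != 1:
            unresolved.append(h)       # ambiguous or unknown: do not guess
            return m.group(0)
        return "0x" + next(iter(matches))[-16:]
    return KEY_RE.sub(repl, text), unresolved

# Constructed sample: first ID pair is from the message, the rest is made up.
KNOWN = ["B9442D9430427902", "0123456789ABCDEF", "FEDCBA9889ABCDEF"]
SAMPLE = "dev1 0x30427902\ndev2 0x89ABCDEF\ndev3 0xB9442D9430427902\n"
```

The second sample entry stays unconverted because two known keys share its short ID, which is the ambiguity that makes short IDs unsafe to rely on.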
Subject | Author |
---|---|
Re: [gentoo-project] let's stop using short gpg key ids, that's insecure | "Chí-Thanh Christopher Nguyễn" <chithanh@g.o> |
Re: [gentoo-project] let's stop using short gpg key ids, that's insecure | "Michał Górny" <mgorny@g.o> |