Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-project
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-project@g.o
From: "Paweł Hajdan, Jr." <phajdan.jr@g.o>
Subject: let's stop using short gpg key ids, that's insecure
Date: Mon, 02 Jan 2012 15:47:23 +0100
You've probably read (or should)
<http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html>
which describes why using short gpg key ids is insecure.

Note it's about IDs, i.e. 0x30427902 vs. 0xB9442D9430427902 (it's short
and long ID of my current key), not the keys themselves. That means no
need to change keys, just change the way we display them on web pages
and possibly in other places.

What do you think? Should I file a bug to convert e.g.
http://www.gentoo.org/proj/en/devrel/roll-call/userinfo.xml ? Or do we
only have short key IDs in LDAP, which would require everyone to submit
the full ID?

Attachment:
signature.asc (OpenPGP digital signature)
Replies:
Re: let's stop using short gpg key ids, that's insecure
-- Michał Górny
Re: let's stop using short gpg key ids, that's insecure
-- Chí-Thanh Christopher Nguyễn
Navigation:
Lists: gentoo-project: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
On eclass APIs
Next by thread:
Re: let's stop using short gpg key ids, that's insecure
Previous by date:
Re: On eclass APIs
Next by date:
Re: let's stop using short gpg key ids, that's insecure


Updated Jun 18, 2012

Summary: Archive of the gentoo-project mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.