Status of the Debian OpenPGP keyring -- Gunnar Wolf

2014-08-25 11:00..11:45 in Room 327

The Debian OpenPGP keyring is a vital part of the project's infrastructure. It provides a secure way to verify each participant's identity that suits the geographically distributed nature of the project, and is used for basically all actions requiring authentication: package uploads, General Resolution votes, mails to the -announce lists, etc.

For several years already, the keyring maintenance team has been pushing to migrate to more secure keys. In July 2010, the last PGPv3 keys were replaced. The current push is to get developers to migrate from older 1024D keys to (at least) 4096R keys.

In this talk, we want to:

  • Introduce keyring-maint's work processes and policies, to get them better understood by the overall Debian community
  • Present the migration process to stronger keys in numbers, highlighting the pace of migration and possible issues
  • Outline a consensus-based migration plan, with deadlines to be followed, to allow for a complete migration to 4096R and higher keys
  • Review, as a group, what constitutes proper identification and what we require
  • Address all of your questions regarding keyring maintenance in Debian


