laying groundwork for an eventual migration away from SHA1 with gpg
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon May 11 07:21:04 CEST 2009
On 05/10/2009 10:46 PM, Robert J. Hansen wrote:
> So here's an idea. Why not write up a recommendation, get people of
> repute within the community to put their names on it, then put it up
> somewhere that people can see it? Part of the problem we're facing is
> that people are scared and doing foolish things, yes -- but a major part
> of the problem is the lack of a coordinated message in response.
>
> There has been a lot of good advice coming from people, but it's
> scattershot, and drowns out in a sea of bad advice. It would be helpful
> to have a single, central recommendation.
I basically wrote that blog entry because i didn't see any concrete
recommendations coming out, felt that something was needed, and i took
my best shot at it. I would really welcome clear recommendations (and
descriptions of foreseen problems) from experienced people.
> If there's interest, I'll take a stab at a rough draft of it.
I'd be very interested to read a draft, thanks for offering. If you're
willing to publish it, i'd certainly link to such a statement from my
blog post (which appears to have caused a stir within debian), whether
it ends in general agreement or in sharp criticism.
Thanks for the discussion,
--dkg