howto secure older keys after the recent attacks

[Robert J. Hansen]

Philippe Cerfon wrote:
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?

No.

Sharing media is a great way to spread malware.  Don't do that to your
friends.  Use the keyserver network.

SHA-1 is in trouble, but it's not dead yet, and regular users should not
be worried about it.