juneau-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stian Soiland-Reyes <st...@apache.org>
Subject Re: [VOTE] Release Apache Juneau 6.0.1-incubating RC2
Date Thu, 01 Dec 2016 12:07:19 GMT
James' key is a 2048 RSA which is OK according to
https://www.apache.org/dev/openpgp.html

stain@biggiebuntu:/tmp$ gpg --edit-key BA7D3A86

pub  2048R/BA7D3A86  created: 2016-09-21  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048R/D43ADF28  created: 2016-09-21  expires: never       usage: E


..although the advise for new keys is 4096 bit:

> The next generation of OpenPGP will use SHA-3 when this is ready. It is uncertain how
long this process will take. It is likely that 2048 bit RSA keys with SHA256 hash will be
strong enough for this interim period - but not certain. For those with 2048 bit RSA keys,
the best advice is to wait (after switching to SHA256 or SHA512, of course). All new keys
generated should be RSA with at least 4096 bits.



The reason my oldish key (which signature-wise is just 1024 DES) is so
large is that it includes a tiny photo of me, various email addresses
over the years and some signatures from others.

pub  1024D/A0FFD119  created: 2002-01-20  expires: never       usage: SC
                     trust: ultimate      validity: ultimate

sub  4096g/A8582C11  created: 2013-06-12  revoked: 2014-06-05  usage: E
sub  4096R/4BBAC7C6  created: 2014-06-05  expires: 2017-03-07  usage: E
[ultimate] (1). Stian Soiland-Reyes <stain@apache.org>
[ultimate] (2)  Stian Soiland-Reyes <stian@soiland-reyes.com>
[ultimate] (3)  Stian Soiland-Reyes <soiland-reyes@cs.manchester.ac.uk>
[ultimate] (4)  Stian Soiland <stian@soiland.no>
[ revoked] (5)  Stian Soiland <stian.soiland@ntnu.no>
[ultimate] (6)  Stian Soiland <stain@nvg.org>
[ revoked] (7)  Stian Soiland <stain@itea.ntnu.no>
[ revoked] (8)  Stian Soiland <stain@stud.ntnu.no>
[ultimate] (9)  Stian Soiland <stain@soiland.no>
[ultimate] (10)  [jpeg image of size 9477]
[ultimate] (11)  Stian Soiland <stain@s11.no>
[ revoked] (12)  Stian Soiland <stain@linpro.no>

On 29 November 2016 at 14:45, Jochen Wiedmann <jochen.wiedmann@gmail.com> wrote:
> On Tue, Nov 29, 2016 at 3:26 PM, James Bognar <jamesbognar@apache.org> wrote:
>
>> The release candidate is signed with a GPG key available at:
>> https://dist.apache.org/repos/dist/release/incubator/juneau/KEYS
>
> Nitpick: Your key appears to me to be a bit small. (Comparing the size
> to the other keys in the file.)
>
> Definitely nothing. that could block this release. But might be worth
> changing for the next release.
>
> Jochen
>
>
>
> --
> The next time you hear: "Don't reinvent the wheel!"
>
> http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg



-- 
Stian Soiland-Reyes
http://orcid.org/0000-0001-9842-9718

Mime
View raw message