
List:       busybox
Subject:    Re: Please PGP-sign releases
From:       Eli Schwartz <eschwartz () archlinux ! org>
Date:       2018-06-05 16:53:19
Message-ID: 9bb419d3-b013-6e88-4a34-6b12b8de8ae6 () archlinux ! org

On 06/05/2018 12:05 PM, Denys Vlasenko wrote:
>> As a separate issue, the current signing key is dsa1024 which is
>> extremely old and not considered to be secure. It would be in general a
>> good idea to create a new rsa4096 key and use that going forward.
> 
> Can you expand on this? I'm no distro maintainer and have absolutely
> zero idea what would be the most comfortable for you guys.

There's a plethora of advice out there for generating signing keys, but
here's one decent link:
https://help.github.com/articles/generating-a-new-gpg-key/#generating-a-gpg-key


Basically, just make sure you generate a new key, using the current
default "RSA and RSA", and bump the key size upward from 2048 to 4096
(because cryptography is only getting better both in security and in
breaking it, so there's no reason to use anything but the strongest
version).

-- 
Eli Schwartz
Bug Wrangler and Trusted User
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
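
As an added example (not part of the original message and not BusyBox project code), one way a packager could check whether a release key is the kind of dsa1024 key discussed above, by parsing `gpg --with-colons --list-keys` output. The verdict labels and the 2048/4096 thresholds are assumptions of this example, and the sample listing is constructed.

```shell
#!/bin/sh
# Audit signing-capable keys in GnuPG colon-format output read from stdin.
# Fields used (GnuPG doc/DETAILS): 1 = record type, 3 = key length,
# 4 = public-key algorithm id (1 = RSA, 17 = DSA), 5 = key id,
# 12 = capabilities (a lowercase "s" means this key itself can sign).

# Constructed sample listing: key ids, dates and names are made up.
sample_listing() {
cat <<'EOF'
pub:-:1024:17:AAAAAAAAAAAAAAAA:1136073600:::-:::scESC:
uid:-::::1136073600::::Old Release Key <old@example.invalid>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1528214400:::-:::scESC:
uid:-::::1528214400::::New Release Key <new@example.invalid>:
sub:-:4096:1:CCCCCCCCCCCCCCCC:1528214400::::::e:
sub:-:2048:1:DDDDDDDDDDDDDDDD:1528214400::::::s:
EOF
}

# Prints "<keyid> <algo><bits> <verdict>" for each signing-capable key.
# Exit status is 1 if any key is rated WEAK, 0 otherwise.
# Policy (assumption of this example): DSA or RSA under 2048 bits is WEAK,
# RSA under the 4096 bits suggested in the message is UPGRADE, RSA at 4096
# or more is OK, and anything else is left for manual REVIEW.
audit_keys() {
  awk -F: '
    ($1 == "pub" || $1 == "sub") && $12 ~ /s/ {
      bits = $3 + 0
      if ($4 == 17) {
        name = "dsa"
        verdict = (bits < 2048) ? "WEAK" : "REVIEW"
      } else if ($4 == 1) {
        name = "rsa"
        verdict = (bits < 2048) ? "WEAK" : ((bits < 4096) ? "UPGRADE" : "OK")
      } else {
        name = "algo" $4 "-"
        verdict = "REVIEW"
      }
      if (verdict == "WEAK") weak = 1
      printf "%s %s%d %s\n", $5, name, bits, verdict
    }
    END { exit weak + 0 }'
}

# Stand-alone run on the constructed sample; against a real keyring use:
#   gpg --with-colons --list-keys | audit_keys
sample_listing | audit_keys || echo "at least one weak signing key found"
```

The encryption-only subkey in the sample is skipped because only signing-capable keys matter for release verification.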