Re: EC SRM key for bookworm?
On Mon, Mar 06, 2023 at 12:06:17PM +0100, Emilio Pozuelo Monfort wrote:
> Hi Adam,
>
> On 04/03/2023 14:33, Adam D. Barratt wrote:
> > SRM is considering using an ed25519 GPG key for bookworm. Does anyone
> > see any issues with that?
> >
> > We've tested merging signatures from a (different) ed25519 key and an
> > RSA key using dak's "gpg-merge-signatures" script, and gpgv is happy to
> > verify the result on an oldoldstable (Debian 9 / stretch) system.
> >
> > We know that GPG(V) 1.X can't handle EC keys, which means that the
> > signatures won't be verifiable on jessie. jessie is still supported
> > externally via ELTS, but I don't know that anyone's trying to use it to
> > verify signatures from bookworm.
>
> jessie ships gpgv2 from src:gnupg2 alongside gnupg 1.x, so if there was
> anyone affected by this change, I don't think it would be a big issue.
There's an exit then, and since we don't support release skipping it's not
an issue on upgrades either - only if you were bootstrapping bookworm from
jessie, which feels increasingly unlikely these days.
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Reply to: