As Christian mentioned, the Debian Keyring Maintainers did a "promote" this weekend of the new keyring. I figure it's an opportune time to perform a public key transition, since this had the effect of replacing my key on the keyring.
For my new key, 0xF9FDD506, I decided to opt for a 4096-bit RSA key, which is stronger than I should have to worry about for the foreseeable future. The key is much better connected than my previous one, 0x0AC70206. I also have a transition document, ripped almost word-for-word from Christian's.
If you signed my previous key, you should sign the new one unless you're feeling extra paranoid today.
JFR, the main potential improvement with such a new key should be moving away from the SHA-1 digest to stronger ones, like SHA-256 or SHA-512. You should make sure you use this stronger digest.
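One way to check the point raised in the comment above, as an added example that is not part of the original post or comment: it parses text in the layout printed by `gpg --list-packets` and reports which signatures were made with MD5 or SHA-1. The sample listing, its key IDs and the function names are constructed for illustration.

```python
import re

# OpenPGP hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}
WEAK_IDS = {1, 2}  # MD5 and SHA-1

# Constructed sample in the layout printed by `gpg --list-packets`.
# Key IDs, timestamps and digest bytes are made up for illustration.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1241900000, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAA11111111
\tversion 4, created 1241900100, md5len 0, sigclass 0x13
\tdigest algo 10, begin of digest 3f 9a
:signature packet: algo 17, keyid BBBBBBBB22222222
\tversion 4, created 1241900200, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 7c 01
"""

SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
CLASS_RE = re.compile(r"sigclass (0x[0-9a-fA-F]+)")
DIGEST_RE = re.compile(r"digest algo (\d+)")

def audit_signatures(listing):
    """Return one dict per signature packet: keyid, sigclass, digest, weak."""
    results, current = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # a new packet header starts here
            m = SIG_RE.match(line)
            current = None
            if m:
                current = {"keyid": m.group(1).upper(), "sigclass": None,
                           "digest": None, "weak": None}
                results.append(current)
            continue
        if current is None:  # detail line of a non-signature packet
            continue
        c = CLASS_RE.search(line)
        if c:
            current["sigclass"] = c.group(1)
        d = DIGEST_RE.search(line)
        if d:
            algo = int(d.group(1))
            current["digest"] = HASH_NAMES.get(algo, "unknown(%d)" % algo)
            current["weak"] = algo in WEAK_IDS
    return results

def weak_signatures(listing):
    """Issuer key IDs of signatures made with MD5 or SHA-1."""
    return [s["keyid"] for s in audit_signatures(listing) if s["weak"]]
```

A signature packet with no digest line keeps `weak` as `None`, so it is reported as unknown rather than silently passed.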