Posted to issues@maven.apache.org by "Herve Boutemy (JIRA)" <ji...@codehaus.org> on 2014/12/26 13:47:11 UTC

[jira] (MNGSITE-216) Obsolete instructions in http://maven.apache.org/developers/release/pmc-gpg-keys.html

     [ https://jira.codehaus.org/browse/MNGSITE-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Herve Boutemy moved MNG-5746 to MNGSITE-216:
--------------------------------------------

     Complexity:   (was: Intermediate)
    Component/s:     (was: Documentation:  General)
            Key: MNGSITE-216  (was: MNG-5746)
        Project: Maven Project Web Site  (was: Maven)

> Obsolete instructions in http://maven.apache.org/developers/release/pmc-gpg-keys.html
> -------------------------------------------------------------------------------------
>
>                 Key: MNGSITE-216
>                 URL: https://jira.codehaus.org/browse/MNGSITE-216
>             Project: Maven Project Web Site
>          Issue Type: Bug
>         Environment: GnuPG
>            Reporter: Tibor Digana
>            Priority: Critical
>
> As a new Committer, I had to register a public GnuPG key. A few parts of this documentation have not been maintained, it seems.
> http://maven.apache.org/developers/release/pmc-gpg-keys.html
> The DSA algorithm is nowadays considered not secure enough. Therefore RSA should be chosen:
>     (1) DSA and Elgamal (default)
>     Your selection? 1
>     DSA keypair will have 1024 bits.
> DSA Key size is nowadays too short even for RSA and should be 4096:
>     What keysize do you want? (2048) 2048
>     Requested keysize is 2048 bits
> Password was not entered. Here we have different opinions. From my PoV no password might be OK for signature verification. The Committers usually keep their keys in the .gpg folder on their private laptops and they do not distribute them to CI systems.
>     You need a Passphrase to protect your secret key.
>     You don't want a passphrase - this is probably a *bad* idea!
>     I will do it anyway.  You can change your passphrase at any time,
>     using this program with the option "--edit-key".
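
An added example, not part of the original message or of the Maven documentation: a small audit that reads `gpg --with-colons` key listing text and flags primary keys that do not meet the choices the issue asks for (RSA, 4096 bits). The helper names `audit_keys` and `count_flagged` are hypothetical, and the sample listing is constructed.

```sh
#!/bin/sh
# Audit a GnuPG key listing against the policy argued for in the issue:
# RSA keys only, at least 4096 bits. Input is `gpg --with-colons` text,
# where field 1 = record type, 3 = key length, 4 = algorithm id, 5 = key id.

MIN_RSA_BITS=4096   # threshold taken from the issue text

# Constructed sample listing (key ids and dates are made up, not real keys).
SAMPLE_LISTING='pub:-:1024:17:1111111111111111:1262304000:::-:::scESC:
uid:-::::1262304000::0000::Constructed DSA key <dsa@example.invalid>:
sub:-:2048:16:1111111111111112:1262304000::::::e:
pub:-:2048:1:2222222222222222:1388534400:::-:::scESC:
pub:-:4096:1:3333333333333333:1419552000:::-:::scESC:'

# audit_keys (hypothetical helper): reads a colon listing on stdin and prints
# "<keyid> <algorithm> <bits> <verdict>" for every primary key ("pub" record).
audit_keys() {
    awk -F: -v min="$MIN_RSA_BITS" '
        $1 == "pub" {
            algo = $4 + 0; bits = $3 + 0
            if (algo == 1)       name = "RSA"
            else if (algo == 17) name = "DSA"
            else if (algo == 16) name = "ELG"
            else                 name = "algo" algo
            # Non-RSA keys are flagged because the issue asks for RSA,
            # not because every other algorithm is weak.
            if (algo != 1)       verdict = "FLAG not-RSA"
            else if (bits < min) verdict = "FLAG short-key"
            else                 verdict = "OK"
            printf "%s %s %d %s\n", $5, name, bits, verdict
        }'
}

# count_flagged (hypothetical helper): number of primary keys needing review.
count_flagged() {
    audit_keys | awk '$4 == "FLAG" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample; for a real keyring use:
#   gpg --list-keys --with-colons | audit_keys
printf '%s\n' "$SAMPLE_LISTING" | audit_keys
```

Whether a secret key has a passphrase is not visible in a public key listing, so that part of the issue is outside what this check covers.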


