On Wed, Oct 17, 2012 at 08:53:14AM +0800, Ben de Groot wrote:
> > Additionally, while we are NOT enforcing the use of long key-ids
> > presently, I strongly encourage ALL developers to move to using them,
> > due to known attacks against short ids:
> > http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
> > Long key-ids are the 16/24/32 hexdigit long versions of your key ids.
>
> Why not enforce best practices and only accept the above long key-ids?

Depending on the age of your key, this is not practical to check quickly.
It would require a call out to gpg to expand a given ID, and see if it
actually expands or is already expanded. That's actually why the length
check is so complicated.

If we don't mind forcing devs & anybody using the signing functionality to
replace old keys (they'd be well over a decade at this point), we can drop
the length=8 variation in the regex.

--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
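
As an added illustration (not code from this thread or from the Gentoo tooling), the Python sketch below shows a length-only key-id check of the kind discussed above, with the 8-digit form switchable off, plus a keyring check for keys whose short ids collide. The function names, the optional `0x` prefix and the sample fingerprints are assumptions constructed for the example.

```python
import re

# Lengths named in the message: 8 hex digits is the legacy short form,
# 16/24/32 hex digits are the long forms. The optional "0x" prefix is an
# assumption of this example.
_HEX_ID = re.compile(r"^(?:0x)?([0-9A-Fa-f]+)$")
SHORT_LENGTH = 8
LONG_LENGTHS = (16, 24, 32)


def classify_key_id(value, allow_short=True):
    """Return 'long', 'short' or 'invalid' from a pure length check (no gpg call)."""
    match = _HEX_ID.match(value.strip())
    if not match:
        return "invalid"
    digits = len(match.group(1))
    if digits in LONG_LENGTHS:
        return "long"
    if digits == SHORT_LENGTH and allow_short:
        return "short"
    return "invalid"


def ambiguous_suffixes(fingerprints, digits=SHORT_LENGTH):
    """Group fingerprints by their trailing `digits` hex characters and
    return only the groups where more than one key shares that id."""
    groups = {}
    for fpr in fingerprints:
        fpr = fpr.replace(" ", "").upper()
        groups.setdefault(fpr[-digits:], []).append(fpr)
    return {kid: fprs for kid, fprs in groups.items() if len(fprs) > 1}


# Constructed sample fingerprints (not real keys). The first two differ
# everywhere except the last 8 hex digits, so their short ids are identical.
SAMPLE_KEYRING = [
    "0123456789ABCDEF" * 2 + "DEADBEEF",
    "FEDCBA9876543210" * 2 + "DEADBEEF",
    "A" * 32 + "12345678",
]

if __name__ == "__main__":
    for candidate in ("34884E85", "0xB27B944E34884E85", "B27B944E3488"):
        print(candidate, "->", classify_key_id(candidate, allow_short=False))
    print("colliding 8-digit ids:", ambiguous_suffixes(SAMPLE_KEYRING))
    print("colliding 16-digit ids:", ambiguous_suffixes(SAMPLE_KEYRING, 16))
```

A length check like this cannot tell whether an 8-digit id belongs to an old key or is simply unexpanded, which is the limitation the message describes; resolving that requires asking gpg.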