[
https://jira.codehaus.org/browse/MNGSITE-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Herve Boutemy moved MNG-5746 to MNGSITE-216:
--------------------------------------------
Complexity: (was: Intermediate)
Component/s: (was: Documentation: General)
Key: MNGSITE-216 (was: MNG-5746)
Project: Maven Project Web Site (was: Maven)
> Obsolete instructions in
> http://maven.apache.org/developers/release/pmc-gpg-keys.html
> -------------------------------------------------------------------------------------
>
> Key: MNGSITE-216
> URL: https://jira.codehaus.org/browse/MNGSITE-216
> Project: Maven Project Web Site
> Issue Type: Bug
> Environment: GnuPG
> Reporter: Tibor Digana
> Priority: Critical
>
> Me as a new Committer had to register public GnuPG key. Few parts of this
> documentation were not maintained as it seems.
> http://maven.apache.org/developers/release/pmc-gpg-keys.html
> The DSA algorithm is nowadays considered not secure enough. Therefore RSA
> should be chosen:
> (1) DSA and Elgamal (default)
> Your selection? 1
> DSA keypair will have 1024 bits.
> DSA Key size is nowadays too short even for RSA and should be 4096:
> What keysize do you want? (2048) 2048
> Requested keysize is 2048 bits
> Password was not entered. Here we have different opinions. From my PoV no
> password might be ok for signature verification. The Committers use to keep
> their keys in .gpg folder on their private laptops and they do not distribute
> them in CI systems.
> You need a Passphrase to protect your secret key.
> You don't want a passphrase - this is probably a *bad* idea!
> I will do it anyway. You can change your passphrase at any time,
> using this program with the option "--edit-key".
--
This message was sent by Atlassian JIRA
(v6.1.6#6162)
