[Catalog-sig] User profile: PGP Key ID
Giovanni Bajo
rasky at develer.com
Wed Feb 20 20:56:45 CET 2013
On 20 Feb 2013, at 19:44, Bernhard Seibold <bernhard.seibold at gmail.com> wrote:
> Hi!
>
> I noticed that in the user profile, the PGP Key ID is 8 hex digits only. This is a bad idea:
>
> http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html
>
> Honestly I don't know what that Key ID is used for, but it should be either fixed or removed.
Thanks, we are in the process of defining an overhaul of the security of PyPI, and removing short key IDs is already considered:
https://docs.google.com/a/develer.com/document/d/1DgQdDCZY5LiTY5mvfxVVE4MTWiaqIGccK3QCUI8np4k/edit
(see task #10: Use GPG key fingerprints instead of short IDs)
--
Giovanni Bajo :: rasky at develer.com
Develer S.r.l. :: http://www.develer.com
My Blog: http://giovanni.bajo.it
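
Added example, not part of the original message and not PyPI code: a sketch of a profile-field check that accepts only a full 40-hex-digit fingerprint, together with a lookup showing why an 8-digit ID can refer to more than one key. All function names are hypothetical, and the two fingerprints are constructed sample values, not real keys.

```python
import re

_HEX = re.compile(r"^[0-9A-F]+$")

def normalize(value):
    """Strip the optional 0x prefix, spaces and colons; upper-case the rest."""
    v = value.strip()
    if v[:2].lower() == "0x":
        v = v[2:]
    return re.sub(r"[\s:]", "", v).upper()

def classify(value):
    """Return 'short-id', 'long-id', 'v4-fingerprint' or 'invalid'."""
    v = normalize(value)
    if not _HEX.match(v):
        return "invalid"
    return {8: "short-id", 16: "long-id", 40: "v4-fingerprint"}.get(len(v), "invalid")

def validate_profile_key(value):
    """Accept only a full 40-hex-digit v4 fingerprint; return it normalized."""
    kind = classify(value)
    if kind != "v4-fingerprint":
        raise ValueError("expected a 40-hex-digit fingerprint, got %s" % kind)
    return normalize(value)

def short_id(fingerprint):
    """The short key ID of a v4 key is the last 8 hex digits of its fingerprint."""
    return validate_profile_key(fingerprint)[-8:]

def lookup(keyring, identifier):
    """Return every fingerprint in keyring that the identifier could refer to."""
    ident = normalize(identifier)
    return [fp for fp in keyring if fp.endswith(ident)]

# Constructed sample data: two made-up fingerprints (not real keys) that
# differ everywhere except the final 8 hex digits.
KEYRING = [
    "0123456789ABCDEF0123456789ABCDEFDEADBEEF",
    "FEDCBA9876543210FEDCBA9876543210DEADBEEF",
]

if __name__ == "__main__":
    print(lookup(KEYRING, "0xDEADBEEF"))  # the short ID is ambiguous
    print(lookup(KEYRING, KEYRING[0]))    # the fingerprint is not
```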