• People
  • Site wizard
  • Wiki help
  • syed
    DDPO Portfolio Contributor
  • Login
  1. Syed Shahrukh Hussain
  2. Debian Maintainer
  3. 1532: Key consistency checks

Key consistency checks

This requirement looks incomplete.

Potential problems

  • no UID found that fully satisfies requirements

Every Debian member needs a GPG key of sufficient strength. In addition, all keys should be certified so we can link them to a real-world identity.

The normal requirements are:

  • the key should be type RSA and version 4 or greater, or an Eliptic Curve based key
  • the key should have the sign, certify and encrypt capabilities (subkeys are encouraged)
  • for an RSA key, the primary cryptographic material should be at least 4096 bits
  • the UIDs used by an applicant to work in the project should be signed (certified) by at least two existing Debian members (1 for DM applications)
  • as an alternative to the previous requirement, the key can be endorsed (see link at the bottom of the page) by multiple Debian Members (the number of required endorsements depends on the endorsement's age and nature)
  • pseudonyms or anonymity are acceptable in certain circumstances

If the key does not meet these requirements, and you would struggle to create one which does, contact Front Desk.

Keys are first searched in hkps://keyring.debian.org. If no key is found, then the key will be imported from hkps://keyserver.ubuntu.com/. Please ensure that you have sent your key to Ubuntu's key server. Sending public keys to keyring.debian.org will only work if your key is already in Debian's keyring and will only be taken into account after the Keyring Maintainers updated it. For Debian Maintainers and Developers, please remember to send your key to both servers.

This check will be approved manually by Front Desk as the application progresses.

Key check results

OpenPGP fingerprint 9637 1243 73C1 3019 BE11 4BCC EB62 B105 7DE7 A8B1
Main key ok (last updated: 2026-04-01 06:37 UTC)
UID Syed Shahrukh Hussain <syed.shahrukh, ossrevival.org> ok, 0 non-DD sigs, 0 DD sigs:
  • none

Active key endorsements

Endorsed by Date Statement Actions
jcfp 2026-04-24
(2 days ago)		 
For nm.debian.org, at 2026-04-24:
Since late summer of last year, I have worked with Syed Shahrukh Hussain on
various package adoptions and QA uploads. For this past work, Syed Shahrukh
Hussain sent mails using the email address syed.shahrukh@ossrevival.org which
is the one he's using on nm.debian.org, and he consistently signed their git
commits on salsa and occasionally email messages as well using GPG key 9637
1243 73C1 3019 BE11 4BCC EB62 B105 7DE7 A8B1.

I've made sure that he is able to decrypt encrypted messages sent to this key
and sign messages with the same key.

Examples of contributions signed with the relevant  key are here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103390;msg=79
https://salsa.debian.org/syed/sqlcipher/-/commit/a832d8f169b287052520206b91cf53723562d5e0
https://salsa.debian.org/debian/cramfsswap/-/commits/6fa9f2a26a0d4cbf085571a4658e378eac971f28
https://salsa.debian.org/debian/gnunet/-/commits/0c2763b0a2c168acb5563e40549361e17a52ab10
https://salsa.debian.org/debian/giftrans/-/commits/363f7ad91fc77ff44fdb381f6563471cbe9116d5
https://salsa.debian.org/debian/filter/-/commits/9f63e9ee682c725122c90baf3c99c93fcd259860
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127639#17

In light of the above, I'm convinced that Syed Shahrukh Hussain is the
rightful owner of both the email address syed.shahrukh@ossrevival.org and the
GPG key 9637 1243 73C1 3019 BE11 4BCC EB62 B105 7DE7 A8B1.
Signed with key D3F0 E02E C45A 938E 1D67 229E C434 9665 5925 B604 		View raw
byang 2026-04-03
(3 weeks, 1 day ago)		 
For nm.debian.org, at 2026-04-03:
For the past 3 months, I have worked with Syed Shahrukh Hussain on multiple Debian packages.

For this past work, Syed Shahrukh Hussain sent mails using the email address syed.shahrukh@ossrevival.org
which is the one they're using on nm.debian.org, and they signed their work and
email using a GPG key with fingerprint 9637 1243 73C1 3019 BE11  4BCC EB62 B105 7DE7 A8B1.

I've made sure that they are able to decrypt encrypted messages sent to this key
and that they're able to sign messages with the same key.

Due to the long-term interactions we had, I'm convinced that Syed Shahrukh Hussain as they
present themselves on nm.debian.org is the rightful owner of both email
syed.shahrukh@ossrevival.org and GPG key 9637 1243 73C1 3019 BE11  4BCC EB62 B105 7DE7 A8B1.
Signed with key 7E77 2947 6D87 D6F1 1D91 ACCB C293 E7B4 6182 5ACE 		View raw

Log

Date Author Action Content Public
2026-04-18 17:57 syed - Thank you Mattia for your attention. Please suggest minimum months required for key endorsement to be considered better than weak. I am geographically located in Lahore, Pakistan with no access to DD's offering key signing and I don't have the financial standing to join DebConf where Debian Developers are in reach for multiple key signing. So the best I can do is to ask for key endorsement from my DD mentors/sponsors. yes
2026-04-16 11:55 mattia - Hello. I'd say this requirements need something else. An endorsement of a key after only 3 months of work is kind of weak. yes

Copyright © 2012--2020 Debian Front Desk. Source code is available on Salsa. Report bugs on Salsa or the Debian BTS.

This page is also available in the following languages: , , , ,