Key consistency checks

This requirement has been approved by Jonathan McDowell <noodles@earth.li> 7 years, 4 months ago.

This process has been closed by gwolf on 2017-10-31: no further modifications are possible.

Every Debian member needs a GPG key of sufficient strength. In addition, all keys should be certified so we can link them to a real-world identity.

The normal requirements are:

the key should be type RSA and version 4 or greater
the key should have the sign, certify and encrypt capabilities (subkeys are encouraged)
the primary cryptographic material should be at least 4096 bits
the UIDs used by an applicant to work in the project should be signed by at least two existing Debian members (1 for DM applications)
as an alternative to the previous requirement, the key can be endorsed (see link at the bottom of the page) by multiple Debian Members (the number of required endorsements depends on the endorsement's age and nature)
pseudonyms or anonymity are acceptable in certain circumstances

If the key does not meet these requirements, and you would struggle to create one which does, contact Front Desk.

Keys are first searched in hkps://keyring.debian.org. If no key is found, then the key will be imported from hkps://keyserver.ubuntu.com/. Please ensure that you have sent your key to Ubuntu's key server. Sending public keys to keyring.debian.org will only work if your key is already in Debian's keyring and will only be taken into account after the Keyring Maintainers updated it. For Debian Maintainers and Developers, please remember to send your key to both servers.

This check will be approved manually by Front Desk as the application progresses.

Key check results

OpenPGP fingerprint	408A E4F1 4EA7 33EF 1265 82C1 B195 E1C4 779B A9B2
Main key	ok (last updated: 2025-01-26 12:36 UTC)
UID Chris West (Faux) <chrisrwest, gmail.com>	ok, 1 non-DD sigs, 2 DD sigs: 8A0A48874687AF4F: Toni Mueller <toni@debian.org> 1E953E27D4311E58: Chris Lamb <chris@chris-lamb.co.uk>
UID Chris West (Faux) <gpg, goeswhere.com>	ok, 1 non-DD sigs, 2 DD sigs: 8A0A48874687AF4F: Toni Mueller <toni@debian.org> 1E953E27D4311E58: Chris Lamb <chris@chris-lamb.co.uk>

Active key endorsements

Endorsed by	Date	Statement	Actions

Log

Date	Author	Action	Content	Public
2017-09-25 21:24	noodles	req_approve	I'm not worried about the Debian infrastructure (though I can't comment on the email setup there), but email interactions as part of Debian tend to involve non-Debian email systems even when it's between DDs, and I'd worry about the risk that people would treat .xxx as more likely originating spam. Something to be aware of, I feel. I still think that the email address you're planning to use for your primary Debian work should really be on the key, but not enough to hold up approving the keycheck.	yes
2017-09-17 20:13	faux	-	I am unconcerned about the email address used; [many things]@goeswhere.com, [many things]@fau.xxx are all identical (they all arrive at the same mailbox; they all have exactly the same DNS and mailserver config). This is the main reason I haven't added extra uids to the key, they mostly exist to reduce the clarity of usage of the key. "If you wish to contact me via. gmail, use one. If you wish to contact me otherwise, use the other." (which does not go through a 3rd party). I have had no issues with the .xxx domain being used as a novelty for email, although I have heard rumours (not personally) of corporate networks that block .xxx for websites. I had not considered that this might be an issue for Debian. I will accept a change of account email to gpg, goeswhere.com, if that makes everything easier, but I feel that the loss of clarity is harmful there.	yes
2017-09-16 12:05	noodles	-	While this key technically meets the requirements I'm curious as to why it doesn't have the email address used for the application as a UID, and also about the wisdom of a .xxx domain for a primary email address in terms of systems reliably accepting it?	yes