From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: robbat2@gentoo.org, =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= Subject: [gentoo-dev] [PATCH v3 12/12] glep-0063: Disallow using DSA keys Date: Thu, 5 Jul 2018 22:54:03 +0200 Message-Id: <20180705205403.6530-13-mgorny@gentoo.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180705205403.6530-1-mgorny@gentoo.org> References: <20180705205403.6530-1-mgorny@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Archives-Salt: 959c3069-e584-42a8-b032-8f82f6d2c666 X-Archives-Hash: 4ed9b84751c2c0c41983f626a47c6051 There really is no technical reason to use DSA keys and people who are still using old DSA keys should finally replace them, so remove them from the minimal requirements. --- glep-0063.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/glep-0063.rst b/glep-0063.rst index d41a2a0..33cbb67 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -36,6 +36,8 @@ v2 has been added. This is in order to give services and other developers time to refresh the key. + The usage of DSA keys has been disallowed. + v1.1 The recommended RSA key size has been changed from 4096 bits to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. @@ -77,11 +79,9 @@ not be used to commit. 3. Primary key and the signing subkey are both of type EITHER: - a. DSA, 2048-bit - - b. RSA, >=2048 bits (OpenPGP v4 key format or later only) + a. RSA, >=2048 bits (OpenPGP v4 key format or later only) - c. ECC curve 25519 + b. ECC curve 25519 4. Expiration date on key and all subkeys set to at most 2 years -- 2.18.0
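Review bot: The sentence added to the v2 changelog entry in the first hunk ("The usage of DSA keys has been disallowed.") does not say which requirement changed or what a developer holding a DSA key should move to. It also follows directly after "This is in order to give services and other developers time to refresh the key." without saying whether that time allowance covers DSA key replacement as well. Suggest naming the affected item and the accepted types in the entry, for example "DSA keys have been removed from the minimal requirements (item 3); use RSA >=2048 bits or ECC curve 25519", and stating explicitly whether a transition period applies.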
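Review bot: Re-lettering the options under item 3 in the second hunk (RSA moves from "b." to "a.", ECC curve 25519 from "c." to "b.") means any existing reference to "3b" or "3c" now points at a different key type than it did before. Please check whether other parts of glep-0063.rst or related documentation cite these letters and update them in the same patch, or keep the letters stable by dropping only the DSA line. Since item 3 covers "Primary key and the signing subkey" only, it is also worth confirming that no other list in the file still names DSA.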