Replacement GPG key for Sasha Levin

Replacement GPG key for Sasha Levin

[Sasha Levin]

[-- Attachment #1: Type: text/plain, Size: 198 bytes --]

Hi folks,

Please add my new ed25519 GPG key to the keyring, replacing my old RSA-4096 key
(E27E5D8A3403A2EF66873BBCDEA66FF797772CDC). The new key is cross-signed by the
old one.

-- 
Thanks,
Sasha

[-- Attachment #2: new-key-57AB7D308C6C3472B80615F19ECABE406425237A.asc --]
[-- Type: application/pgp-keys, Size: 1802 bytes --]

Re: Replacement GPG key for Sasha Levin

[Uwe Kleine-König]

[-- Attachment #1: Type: text/plain, Size: 1048 bytes --]

Hello Sasha,

On Tue, Mar 24, 2026 at 08:49:53PM -0400, Sasha Levin wrote:
> Please add my new ed25519 GPG key to the keyring, replacing my old RSA-4096 key
> (E27E5D8A3403A2EF66873BBCDEA66FF797772CDC).

In contrast to the old certificate the new one makes `sq cert lint`
happy, so that's a good step. (The old one resulted in
	Certificate DEA66FF797772CDC contains a User ID (Sasha Levin <alexander.levin@verizon.com>) protected by SHA-1
	Certificate DEA66FF797772CDC contains a User ID (Sasha Levin <sasha.levin@oracle.com>) protected by SHA-1
	Certificate DEA66FF797772CDC, key D0065D755EB09DBB uses a SHA-1-protected binding signature.
.)

> The new key is cross-signed by the old one.

The old cert only has a single trust path (see
https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/plain/graphs/DEA66FF797772CDC.svg),
as the new cert is only signed by the old, it also only has a single path
through the old one. It would be great to improve that, still because
that single path goes away when the old cert is removed.

Best regards
Uwe

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: Replacement GPG key for Sasha Levin

[Sasha Levin]

On Wed, Mar 25, 2026 at 07:28:40AM +0100, Uwe Kleine-König wrote:
>Hello Sasha,
>
>On Tue, Mar 24, 2026 at 08:49:53PM -0400, Sasha Levin wrote:
>> Please add my new ed25519 GPG key to the keyring, replacing my old RSA-4096 key
>> (E27E5D8A3403A2EF66873BBCDEA66FF797772CDC).
>
>In contrast to the old certificate the new one makes `sq cert lint`
>happy, so that's a good step. (The old one resulted in
>	Certificate DEA66FF797772CDC contains a User ID (Sasha Levin <alexander.levin@verizon.com>) protected by SHA-1
>	Certificate DEA66FF797772CDC contains a User ID (Sasha Levin <sasha.levin@oracle.com>) protected by SHA-1
>	Certificate DEA66FF797772CDC, key D0065D755EB09DBB uses a SHA-1-protected binding signature.
>.)
>
>> The new key is cross-signed by the old one.
>
>The old cert only has a single trust path (see
>https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git/plain/graphs/DEA66FF797772CDC.svg),
>as the new cert is only signed by the old, it also only has a single path
>through the old one. It would be great to improve that, still because
>that single path goes away when the old cert is removed.

Ugh... I thought I had a few more signatures there.

Thanks for pointing it out. Looks like I need to ask a few folks for signatures
during LPC/LSF :)

-- 
Thanks,
Sasha

Re: Replacement GPG key for Sasha Levin

[Konstantin Ryabitsev]

On Tue, Mar 24, 2026 at 08:49:53PM -0400, Sasha Levin wrote:
> Hi folks,
> 
> Please add my new ed25519 GPG key to the keyring, replacing my old RSA-4096 key
> (E27E5D8A3403A2EF66873BBCDEA66FF797772CDC). The new key is cross-signed by the
> old one.

Added.

Thanks,
-- 
KR