I started a key transition around DebConf last year, upgrading from the 1024-bit GPG key I've had about as long as I've had this blog. At the time, Debian's requirement for new maintainers was 2048 bits, so that's what I used. It's now 4096 bits. I learned this as I was preparing to send an email to newmaint asking to become a DM. So that's a bit of a waste. I have signatures on both the old ones, so below I will include a blurb signed by each of the old keys in case one of the previous signers is willing to take that as proof enough to sign the new one. Yes, the new key is signed by both of the old ones.
- Old keyID: BC8D3269 - blurb signed by old key
- Old new keyID: 340950E8 - blurb signed by old new key
- New new keyID: 36535A82 - blurb signed by new key
I'll be revoking the old 1024-bit key by my birthday (1 September). The 2048 one will probably stick around at least until after the next thing I go to with lots of Debian & Ubuntu folks, to allow the new one time to get more signatures, since I hear weakening your spot in the web of trust is a bad thing.