gnupgFollowing to the recent announce of a serious possible attack against the SHA-1 digest algorithm, I have just generated new GPG keys.

My personal key 9F71D449 will hence be progressively replaced by my new key: 290D20C5
Its fingerprint is:

092F 4CB5 5F19 E006 1CFD  B489 D32B 8D66 290D 20C5

The old key will continue to be valid for some time (at least until the new one get signed by a Debian Developer, in order to be included in the DM keyring), but I prefer all future correspondence to come to the new one.

Transition statement signed by both keys is available at: http://www.kirya.net/~julien/GPG-key-transition_20090508.txt

They key used for my personal package repository (FBABB737) has already been revoked and replaced by E435C74B, with the following fingerprint:

D17A A78F 7992 A07D 9D85  517C C3E1 8B20 E435 C74B

You have to make apt-key aware of this change:

wget -O - http://packages.kirya.net/Kirya.netDebianpackagesVerificationKey.asc | apt-key add -

Transition statement signed by both keys is available at: http://packages.kirya.net/GPG-key-transition_20090508.txt

Also note I have generated the key with ID 90A9E71B and got it sent to public servers by mistake. I do not own the private key hence I cannot revoke it: make sure you do not use it!