On Sun, 13 Aug 2017, KatolaZ wrote:
> On Sat, Aug 12, 2017 at 02:34:27PM +0200, Jaromil wrote:
> > I believe only option B or C are desirable
> > since we do want to have cryptographic
> > traceability of the signing infrastructure
> >
> > also I agree B is the best option.
> >
>
> OK, if we go with option B (a subkey of the current key) who can
> generate a subkey for the new amprolla?
Whoever has root on the current amprolla machine.
> If we go for option C (a brand-new key) we can generate the new key
> immediately and directly on the new amprolla instance.
>
> I guess that in both cases we must update devuan-keyring, right?
We do, yes.
--
~ parazyd
GnuPG: 03337671FDE75BB6A85EC91FB876CB44FA1B0274
GnuPG:
https://parazyd.cf/FA1B0274.asc