Rules for key replacement in the Debian keyring

These are the rules governing what happens if a developer (Alice) wishes to replace her existing key (X) in the Debian keyring with a new key (Y).

NB: Key expiry (by itself) is never a reason to replace a key - instead just change the expiry time on the existing key. Use the expire subcommand inside gpg --edit-key, then submit the updated key to the keyserver as normal.

  1. Key Y must be signed by an active Debian developer (Bob) whose key is in the keyring.
  2. Alice must get a Debian developer (ideally not Bob) to sign a message requesting the replacement of key X with key Y on behalf of Alice. That statement should contain key fingerprints and Debian login details.
  3. If the reason for replacement is 'key X is compromised or no longer valid' then the request for replacement must be accompanied by a revocation certificate for key X.
  4. If the reason for the replacement is 'key X was lost' then a revocation certificate should be provided if possible.
  5. If the reason is 'I wanted a new key' then the new key must be strictly more secure than the old key and 'reasonably' connected to the web of trust, where 'reasonably' is left up to keyring-maint and varies depending on the circumstances of the developer in question.
  6. Anything else is at keyring-maint's discretion and, in general, arbitrary key replacements without good cause will be rejected.

Requests for key replacement should be sent to keyring@rt.debian.org, include the phrase "Debian RT" in the subject line (as well as something descriptive, obviously) and be inline signed (gpg --clearsign), as RT will mangle a PGP/MIME signature.
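The following is an added example, not keyring-maint's own tooling, of how a developer might assemble a request under the rules above: it insists on full 40-digit fingerprints for keys X and Y (short key IDs are ambiguous and not what the request should carry), builds the message body with the fingerprints and Debian login, clearsigns it so that RT does not mangle the signature, and covers the two side cases the page mentions: generating a revocation certificate for key X (rules 3 and 4) and simply extending expiry instead of replacing the key (the NB above). It assumes gpg is installed with the relevant secret key available; --quick-set-expire needs GnuPG 2.1.17 or later, older versions use the expire command inside gpg --edit-key. The fingerprints, login and reason used are constructed placeholders, not real keys or a real developer.

```shell
#!/bin/sh
# Added example (not keyring-maint's own tooling): build and clearsign a key
# replacement request, plus the revocation and expiry-only side cases.
# All fingerprints, logins and reasons below are placeholders.
set -eu

# A v4 OpenPGP fingerprint is 40 hex digits. Reject 8- or 16-digit short
# key IDs, which are ambiguous and not what the request should contain.
check_fpr() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'
}

# build_request OLD_FPR NEW_FPR LOGIN REASON: print the message body to be
# signed. Fails if either fingerprint is not a full 40-digit fingerprint.
build_request() {
    old=$1; new=$2; login=$3; reason=$4
    check_fpr "$old" || { echo "bad fingerprint for key X: $old" >&2; return 1; }
    check_fpr "$new" || { echo "bad fingerprint for key Y: $new" >&2; return 1; }
    printf 'Please replace key X with key Y in the Debian keyring.\n\n'
    printf 'Debian login: %s\n' "$login"
    printf 'Old key X:    %s\n' "$old"
    printf 'New key Y:    %s\n' "$new"
    printf 'Reason:       %s\n' "$reason"
}

# sign_request FILE: inline (clearsign) signature, because RT mangles
# PGP/MIME signatures. Ideally run by the developer who vouches for Alice.
sign_request() {
    gpg --clearsign --output "$1.asc" "$1"
}

# revoke_cert OLD_FPR: revocation certificate for key X, to accompany a
# request made because X is compromised, no longer valid, or lost.
revoke_cert() {
    gpg --output "$1.rev" --gen-revoke "$1"
}

# extend_expiry FPR PERIOD: the expiry-only case from the NB, which needs no
# replacement request at all. Assumes GnuPG >= 2.1.17 for --quick-set-expire;
# older versions use the 'expire' command inside 'gpg --edit-key FPR'.
# The updated key is then pushed to the keyserver as normal.
extend_expiry() {
    gpg --quick-set-expire "$1" "$2"
    gpg --send-keys "$1"
}

# Constructed placeholder values (not real keys or a real developer).
OLD_FPR=0123456789ABCDEF0123456789ABCDEF01234567
NEW_FPR=FEDCBA9876543210FEDCBA9876543210FEDCBA98

# Print the unsigned request body; in practice save it to a file and run
# sign_request on that file, attaching the output of revoke_cert if needed.
REQUEST=$(build_request "$OLD_FPR" "$NEW_FPR" alice "key X is compromised")
printf '%s\n' "$REQUEST"
```

Only check_fpr and build_request run without a keyring; the gpg-backed functions are there to show which commands the rules correspond to and are invoked by hand once the request body has been reviewed.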



Last modified: Sun, 11 May 2008 14:12:47 -0400

(With thanks to Daniel Silverstone)