To the Debian Keyring Team and fellow Developers,

In 2025-12 I reported via an email to -private@l.d.o the loss of my hardware token, which carries a set of signing, encryption, and authentication subkeys:

S 46BF 841E EC57 DECA 6F53 EFE9
E 7510 4D51 0F9B 9ED4 D176 E88A
A EAD3 8D59 71EB D00F 03F1 D063

Following the report, a Keyring Team member promptly removed my key from the developer keyring.

I revoked the affected subkeys listed above, and uploaded the revocations to the
keyservers at keyserver.ubuntu.com and keys.openpgp.org.

The master key has remained exclusively under my control at all times and was never exported or exposed.

The hardware token was later located in the on-call room at my workplace, where
I had placed it during my on-call shift and overlooked it. My workplace is administrative in nature; my colleagues have no knowledge of cryptography, OpenPGP, or hardware tokens. While I cannot exclude the theoretical possibility
that the token was handled by someone else in the period, there is no indication
of attempt to extract or use the key material, and the context makes compromise
highly unlikely.

As a precautionary measure, I have erased all key materials from the recovered token, then generated a new signing subkey and stored it on a new token. The new
token is under my sole physical control.

This is a public statement as requested to support my upcoming formal reinstatement request to Keyring Team. I am happy to provide any additional details or to undergo further verification as required.

Thank you for your understanding and continued trust.

--
? ,Sdrager
Blair Noctis

??


--- PyGate Linux v1.5.13
* Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)