On Mon, Jan 31, 2005 at 12:51:14PM -0200, Henrique de Moraes Holschuh wrote: > On Mon, 31 Jan 2005, Anthony Towns wrote: > > Steve Kowalik wrote: > > >On Sun, 30 Jan 2005 06:21:26 -0500, Anthony DeRobertis uttered > > >>I suspect this has to do with > > >>http://http.us.debian.org/debian/dists/testing/Release.gpg being an > > >>empty file. Stable still has a signature; what happaned? > > >If I remember the conversation on IRC correctly, the archive GPG key > > >expired ... > > Thus marking almost four years since we've had support for this on the > > server, and still no support for it on the client, even in unstable. *sigh* > > Anyway, should be fixed as of tomorrow. New key at > > http://ftp-master.debian.org/ziyi_key_2005.asc > Would the relevant people mind signing this key so that it is at least worth > something? Currently it is signed by the old archive key, which IS an > unprotected key (as in no passphrase) AFAIK. And common sense says it is > also a signature we can never trust on another ziyi key, since anyone who > could replace a ziyi key could probably sign the replacement key with the > old one. I don't know that I'm one of the "relevant people", but since the issue came up and I do have a trusted path to the data on ftp-master, I've gone ahead and signed the 2005 key. I don't have access to push this to http://ftp-master/, though, so my sig is only available by updating from a keyserver. Cheers, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature