Florian Weimer <fw@deneb.enyo.de> wrote: >> Yes, but it breaks a long term usage like web of trust. > > The Debian archive key does not take part in the web of trust. > Anybody who has passed the OpenPGP NM checks should not sign that key. Thats right, I was not refering to the usage as archive key, it was a general comment about trust concepts for key validation. Gruss Bernd