Re: APT public key updates?

To: debian-devel@lists.debian.org
Subject: Re: APT public key updates?
From: Andreas Barth <aba@not.so.argh.org>
Date: Sat, 7 Jan 2006 23:48:21 +0100
Message-id: <[🔎] 20060107224821.GM21907@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20060106120456.GV24652@tennyson.dodds.net>
References: <[🔎] 2fl64oz1tpi.fsf@saruman.uio.no> <[🔎] 1136416078.4526.1.camel@localhost> <[🔎] 20060105200205.GB20228@kitenet.net> <[🔎] 20060105221306.GA8597@top.ping.de> <[🔎] 2flr77mp5lx.fsf@saruman.uio.no> <[🔎] 20060106003106.GD24652@tennyson.dodds.net> <[🔎] 877j9ep4ny.fsf@becket.becket.net> <[🔎] 20060106033836.GG24652@tennyson.dodds.net> <[🔎] 874q4hesjn.fsf@becket.becket.net> <[🔎] 20060106120456.GV24652@tennyson.dodds.net>

* Steve Langasek (vorlon@debian.org) [060106 13:05]:
> The exposure of the archive key is higher, because it sits on an
> Internet-connected, ssh-accessible server.  Also, you don't have to trust
> AJ's key; in contrast with Florian's assessment of the NM-suitability of the
> three ftpmasters, one ftp assistant, and one RM who have signed this key so
> far :), I would encourage you to log into merkel and verify, directly and
> securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and
> upload your signature to the public keyservers as well, if you are satisfied
> that this is the key that is being used on ftp-master.debian.org to sign the
> archive.

I disagree with that - having this key sitting on merkel means nothing.
Checking the configuration on /org/ftp.d.o/katie/katie.conf and the
keyring ziyi uses on ftp-master (i.e. spohr) means something.

Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/

Reply to:

References:
- APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Daniel Leidert <daniel.leidert.spam@gmx.net>
- Re: APT public key updates?
  - From: Joey Hess <joeyh@debian.org>
- Re: APT public key updates?
  - From: Michael Vogt <mvo@debian.org>
- Re: APT public key updates?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>
- Re: APT public key updates?
  - From: Thomas Bushnell BSG <tb@becket.net>
- Re: APT public key updates?
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Re: APT public key updates?
Next by Date: Powerfulness (was: tioga : a powerful plotting system in ruby)
Previous by thread: Re: APT public key updates?
Next by thread: Re: APT public key updates?
Index(es):
- Date
- Thread