[Paul TBBle Hampson]
> Although as Steve Langasek has pointed out, the Sarge->Etch upgrade
> will be hard unless the etch key becomes available to Sarge users
> who've not touched their system since Sarge r0a... I guess this comes
> down to making the etch key available in some kind of Sarge-signed
> repository

Do sarge systems verify the archive key anyway? I thought apt 0.5.28 didn't.

But for etch moving forward, I like the ideas I've heard so far about release keys:

1) One key per stable release. The key is generated a month or so before the release, however long is needed to ensure that it be shipped in d-i. This key is then used for the entire length that that release is supported (thus the archive is signed by the keys from both stable and oldstable) - in practice I guess the overlap goes a year or so.

2) The per-release key obviously can't expire exactly when it should, since the release cycle isn't completely predictable, to put it mildly. It might be set to live 4 years or so, and can be revoked later as "superseded".

3) Separate keys for other archives - all of the above applies to security, volatile, and amd64 as well. (Unless amd64 makes it to ftp.debian.org before etch.)