Re: Secure APT Key Management
Martin Schulze <firstname.lastname@example.org> writes:
> Andreas Barth wrote:
>> I try to summarize the results of the discussion from the start of August,
>> in the hope that we can finish this off, and test-run this first for the
>> next stable point release. From the security team, some input on their
>> preference would be welcome.
>> The idea is to have different keys:
>> - One standard online-key for signing unstable; this key would be
>> rotated e.g. yearly (or whatever the ftp-masters consider fit, I don't
>> really mind).
>> - One release key per stable release; taken care of offline by the stable
>> release team.
>> - One security key per stable release; taken care of somehow by the
>> security team.

Sorry for not following the discussion closely but what happened to
having the current signing key(ring) in dists/suite/Release.key with
signatures by the ftp-master team (and/or security as appropriate)?