Re: Secure APT Key Management
* Goswin von Brederlow (email@example.com) [060906 13:52]:
> Martin Schulze <firstname.lastname@example.org> writes:
> > Andreas Barth wrote:
> >> Hi,
> >> I try to summarize the results of the discussion from start of August,
> >> in hope that we can finish this off, and test-run this first for the
> >> next stable point release. From the security team, some input on their
> >> preference would be welcome.
> >> The idea is to have different keys:
> >> - One standard online-key for signing unstable; this key would be
> >> rotated e.g. yearly (or whatever the ftp-masters consider fit, I don't
> >> really mind).
> >> - One release key per stable release; taken care offline by the stable
> >> release team.
> >> - One security key per stable release; taken care somehow by the
> >> security team.
> Sorry for not following the discussion closely but what happened to
> having the current signing key(ring) in dists/suite/Release.key with
> signatures by the ftp-master team (and/or security as appropriate)?
How do you want to make the update on the end-user systems? Please
remember that the updates need to be as easy as possible to them.
This is not arguing against putting the keys somewhere onto the
mirrors, but just against using that as a rotation schema.
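To make the question concrete, here is an added example (not code from the thread or from Debian) of the rotation mechanism Goswin describes: the client trusts only the current archive key, a successor shipped as dists/<suite>/Release.key is imported only after its detached signature verifies against that existing trust, and Release is then checked with the rotated key. It assumes GnuPG 2.1 or later on PATH; every key, address and file in it is constructed for the demo.

```shell
#!/bin/sh
# Added example: Release.key rotation checked against already-trusted keys.
# All keys, addresses (*.invalid) and files are constructed for the demo.
set -e
WORK="$(mktemp -d)"
export GNUPGHOME="$WORK/archive"          # archive-side keyring (signs)
CLIENT="$WORK/client"                     # end-user keyring (verifies)
mkdir -p "$GNUPGHOME" "$CLIENT"; chmod 700 "$GNUPGHOME" "$CLIENT"

# gpg wrapper: unattended, demo keys carry no passphrase
g() { gpg --batch --quiet --no-tty --pinentry-mode loopback --passphrase '' "$@"; }

# accept_release_key <client homedir> <Release.key> <Release.key.gpg>
# Import the advertised key only if a key the client already trusts signed it.
accept_release_key() {
  g --homedir "$1" --verify "$3" "$2" 2>/dev/null || return 1
  g --homedir "$1" --import "$2" 2>/dev/null
}

# verify_release <client homedir> <Release> <Release.gpg>
verify_release() { g --homedir "$1" --verify "$3" "$2" 2>/dev/null; }

# --- archive side: current key, successor signed by current, Release by successor
g --quick-generate-key "Archive Key 2006 <old@archive.invalid>" default default never
g --quick-generate-key "Archive Key 2007 <new@archive.invalid>" default default never
g --armor --export new@archive.invalid > "$WORK/Release.key"
g --armor --local-user old@archive.invalid --detach-sign \
  --output "$WORK/Release.key.gpg" "$WORK/Release.key"
printf 'Suite: unstable\nDate: Wed, 06 Sep 2006 12:00:00 UTC\n' > "$WORK/Release"
g --armor --local-user new@archive.invalid --detach-sign \
  --output "$WORK/Release.gpg" "$WORK/Release"
# a key that no trusted key has signed (e.g. a tampered Release.key on a mirror)
g --quick-generate-key "Untrusted Key <other@archive.invalid>" default default never
g --armor --export other@archive.invalid > "$WORK/other.key"
g --armor --local-user other@archive.invalid --detach-sign \
  --output "$WORK/other.key.gpg" "$WORK/other.key"

# --- client side: trust is bootstrapped with the 2006 key only (as the distro ships it)
g --armor --export old@archive.invalid | g --homedir "$CLIENT" --import 2>/dev/null

if verify_release "$CLIENT" "$WORK/Release" "$WORK/Release.gpg"; then
  echo "BUG: Release accepted before the 2007 key was trusted"; exit 1
fi
if accept_release_key "$CLIENT" "$WORK/other.key" "$WORK/other.key.gpg"; then
  echo "BUG: key without a trusted signature was imported"; exit 1
fi
accept_release_key "$CLIENT" "$WORK/Release.key" "$WORK/Release.key.gpg"
verify_release "$CLIENT" "$WORK/Release" "$WORK/Release.gpg"
echo "Release verified with the rotated 2007 key"
```

The same check has to run unattended on every end-user system at each rotation, which is the part the reply above asks about; an unsigned or self-signed Release.key on a mirror gives the client nothing to chain trust from and is refused.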