
Bug#619751: debian-installer: should upgrade debian-archive-keyring from the main mirror before attempting to fetch from security



Hi,

On 26.03.2011 19:34, Philipp Kern wrote:
> So what should happen in this case: If you can connect to a mirror and have a
> trust path to it, check if a new version of debian-archive-keyring is
> available.  If so, upgrade it and update the package lists.  Only then try to
> connect to security.  The trust path to the main mirror will be the stable
> release key that's fixed for the whole stable release lifetime.

d-i should even be prepared for the emergency case where the archive key
has been compromised somehow and the trust chain breaks. It could
display the current fingerprint to the user and ask him if it is okay to
continue.

Torsten


