Re: Debian derivatives census: repository OpenPGP key distribution?
On Fri, May 10, 2019 at 4:20 AM Sébastien Duthil wrote:
> In case of a key being compromised, then I guess a manual intervention
> would be required to revoke the compromised key and to replace it. I
> would love to read a better answer though.
One option is to pre-generate the next key, include it in your keyring
package then remove the old key if it gets compromised. You can also
do this replacement on a regular basis, such as once per release. I
think this is how Debian's keys work.