[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian derivatives census: repository OpenPGP key distribution?

On Fri, May 10, 2019 at 4:20 AM Sébastien Duthil wrote:

> In case of a key being compromised, then I guess a manual intervention
> would be required to revoke the compromised key and to replace it. I
> would love to read a better answer though.

One option is to pre-generate the next key, include it in your keyring
package then remove the old key if it gets compromised. You can also
do this replacement on a regular basis, such as once per release. I
think this is how Debian's keys work.



Reply to: