Re: Debian derivatives census: repository OpenPGP key distribution?

To: debian-derivatives@lists.debian.org
Subject: Re: Debian derivatives census: repository OpenPGP key distribution?
From: Paul Wise <pabs@debian.org>
Date: Fri, 10 May 2019 13:31:06 +0800
Message-id: <[🔎] CAKTje6Ebgkuyy3_jsyCvLCv7k0UcW49Nzhu=zO-8wSELLy_nDA@mail.gmail.com>
In-reply-to: <[🔎] 1c59f103-f386-bc88-aafa-9f38b54e2ffe@wazo.community>
References: <[🔎] 100ecdf84ae9777ef7d5df41a969d7fb3273b963.camel@debian.org> <[🔎] 1c59f103-f386-bc88-aafa-9f38b54e2ffe@wazo.community>

On Fri, May 10, 2019 at 4:20 AM Sébastien Duthil wrote:

> In case of a key being compromised, then I guess a manual intervention
> would be required to revoke the compromised key and to replace it. I
> would love to read a better answer though.

One option is to pre-generate the next key, include it in your keyring
package then remove the old key if it gets compromised. You can also
do this replacement on a regular basis, such as once per release. I
think this is how Debian's keys work.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Debian derivatives census: repository OpenPGP key distribution?
  - From: "sduthil@wazo.io" <sduthil@wazo.io>

References:
- Debian derivatives census: repository OpenPGP key distribution?
  - From: Paul Wise <pabs@debian.org>
- Re: Debian derivatives census: repository OpenPGP key distribution?
  - From: Sébastien Duthil <sduthil@wazo.community>

Prev by Date: Re: Debian derivatives census: repository OpenPGP key distribution?
Next by Date: Debian derivatives census: CoreBiz: welcome Achim Leitner!
Previous by thread: Re: Debian derivatives census: repository OpenPGP key distribution?
Next by thread: Re: Debian derivatives census: repository OpenPGP key distribution?
Index(es):
- Date
- Thread