[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

PGP key-management guru needed


I (once again) just read Jonathan Walther's Key-Signing HOWTO
(http://master.debian.org/~krooger/HOWTO-PGP-Key-Signing) and noticed
that a detail that seem quite important to me has still not been
addressed yet:

Adding all the deb developpers' keys to one's public ring is nice, but 
what about debian-keyring updates, which will in some circumstances
_DROP_ some keys ?

-> Is a public keyring file able to track the source-keyring and will
obsolete keys be removed on next import ?

-> Do we have to track the changes (changelog.Debian or diff'ing "pgp
-kv" output) and remove these keys by hand ?

-> Would it be acceptable to modify pgp so that it systematically or
optionally trust /usr/share/keyrings/debian.pgp ?  I guess that
allowing to specify multiple keyrings on the command line would be
enough - it would remove the need to import the constantly evolving
keyring.  OTOH it means you trust any update of this file ;)

Yann Dirson <dirson@debian.org>

Reply to: