Re: apt 0.6 in experimental

To: debian-devel@lists.debian.org
Subject: Re: apt 0.6 in experimental
From: David B Harris <dbharris@eelf.ddts.net>
Date: Sun, 28 Dec 2003 01:47:47 -0500
Message-id: <[🔎] 20031228014747.10b0f3e1.dbharris@eelf.ddts.net>
In-reply-to: <[🔎] 20031227202545.GV17472@alcor.net>
References: <[🔎] 20031226234444.GN17472@alcor.net> <[🔎] 20031227071101.GA4428@kitenet.net> <[🔎] 20031227201615.GQ17472@alcor.net> <[🔎] 20031227202545.GV17472@alcor.net>

On Sat, 27 Dec 2003 12:25:45 -0800
Matt Zimmerman <mdz@debian.org> wrote:
> > That key is "Debian Archive Automatic Signing Key (2003)
> > <ftpmaster@debian.org>" which I thought was supposed to be revoked due to
> > the compromise.
> 
> That key is also still used to sign stable, stable/non-US and
> proposed-updates/non-US, though proposed-updates is signed with the new v2
> key.

I was actually going to ask - what happens to stable users when either a
release takes longer than a year to get out, or they want to skip a
stable version and go for the one after?

Perhaps an archive signing key for each dist, instead of one for each
year? Several of each should probably be generated, too, and all but the
live one kept offline in different locations, in case of compromise.

Unless I'm way off?

Reply to:

Follow-Ups:
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>

References:
- apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Joey Hess <joey@kitenet.net>
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>
- Re: apt 0.6 in experimental
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: apt 0.6 in experimental
Next by Date: Re: apt 0.6 in experimental
Previous by thread: Re: apt 0.6 in experimental
Next by thread: Re: apt 0.6 in experimental
Index(es):
- Date
- Thread