[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

fingerprint of the archive signing key

As APT 0.6 will check for package signatures, the archive signing
key will become more relevant to our users. However, I currently
cannot find a place on our webpage from which the key is linked, nor
information on how to get it or how to verify it.

I think we should have a page explaining the key and its trust
basis, and also publish the key's fingerprint. If that page could be
SSL-tunneled and signed with a certificate christened by an official
CA (which the SPI would buy), then it'd be basically bulletproof.

I am bringing this up here before filing a bug against
a meta-package because I was slammed down last time I tried to
suggest changes to the website. Thus, I want to reach consensus

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: