[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-secure broke?

On Mon, 31 Jan 2005, Anthony Towns wrote:
> Steve Kowalik wrote:
> >On Sun, 30 Jan 2005 06:21:26 -0500, Anthony DeRobertis uttered
> >>I suspect this has to do with
> >>http://http.us.debian.org/debian/dists/testing/Release.gpg being an
> >>empty file. Stable still has a signature; what happaned?
> >If I remember the conversation on IRC correctly, the archive GPG key
> >expired ...
> Thus marking almost four years since we've had support for this on the 
> server, and still no support for it on the client, even in unstable. *sigh*
> Anyway, should be fixed as of tomorrow. New key at
>   http://ftp-master.debian.org/ziyi_key_2005.asc

Would the relevant people mind signing this key so that it is at least worth
something?  Currently it is signed by the old archive key, which IS an
unprotected key (as in no passphrase) AFAIK.  And common sense says it is
also a signature we can never trust on another ziyi key, since anyone who
could replace a ziyi key could probably sign the replacement key with the
old one.

It would be nice if the Debian archive key had at least three signatures
from third parties.  We have that many ftpmasters AFAIK, so this should not
be asking too much.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: