On Mon, Feb 14, 2005 at 08:04:51PM +0100, Peter Palfrader wrote: > A similar 2 key system is probably a good idea for security, and maybe > also for the normal rotated keys (just ship 2005 and 2006 keys now). i think having two keys would make logistics a lot simpler for release upgrades, assuming we had a system that mandated valid gpg signatures. like you suggest, only use one of the two keys, and additionally have the backup key's secret stored offline in a safe place (does SPI have a lock box or safe deposit box we could use?). when it comes time for a new release, or if there is a serious security breach, et c, the new key could be brought out, used to sign a new backup key (which would be placed back in the lockbox), the package providing the key could be updated, and life could happily go on. sean --
Attachment:
signature.asc
Description: Digital signature