[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?




"Michael Vogt" <mvo@debian.org> wrote in message 20060106005027.GB8597@top.ping.de">news:20060106005027.GB8597@top.ping.de...
On Fri, Jan 06, 2006 at 01:22:50AM +0100, Petter Reinholdtsen wrote:
[Michael Vogt]
> Sorry for the delay. I'm preparing a new upload that adds the 2006
> archive key to the default keyring.

Sounds good.  Will this automatically take care of the key update and
make sure no manual intervention is needed to get packages upgraded?

I uploaded a new apt that supports multiple signatures on the release
file. The policy is that it needs at least one good signature and no
bad signatures (but any number number of NO_PUBKEY signatures) to be
considered trusted. It will still warn about missing keys but that's
only fatal if no good signature was found.

The upload also contains the new key in apts default keyring. This
dosn't fix the key-upgrade problem yet. I outlined my proposal in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345891

Early testing (from incoming) is welcome :)

Wait a second. How will people download the new key using apt if apt refuses to download because it does not have the new key? And then what about the future? A stable release will not be upgradable if the key is not downloaded, but the key will not be downloadable.

Or am i missing something? This whole thing sounds like a major problem.



Reply to: