Re: APT public key updates?

["Joe Smith" <unknown_kev_cat@hotmail.com>]

"Michael Vogt" <mvo@debian.org> wrote in message 
[🔎] 20060106005027.GB8597@top.ping.de">news:[🔎] 20060106005027.GB8597@top.ping.de...
> On Fri, Jan 06, 2006 at 01:22:50AM +0100, Petter Reinholdtsen wrote:
> > [Michael Vogt]
> > > Sorry for the delay. I'm preparing a new upload that adds the 2006
> > > archive key to the default keyring.
> >
> > Sounds good.  Will this automatically take care of the key update and
> > make sure no manual intervention is needed to get packages upgraded?
>
> I uploaded a new apt that supports multiple signatures on the release
> file. The policy is that it needs at least one good signature and no
> bad signatures (but any number number of NO_PUBKEY signatures) to be
> considered trusted. It will still warn about missing keys but that's
> only fatal if no good signature was found.
>
> The upload also contains the new key in apts default keyring. This
> dosn't fix the key-upgrade problem yet. I outlined my proposal in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345891
>
> Early testing (from incoming) is welcome :)
Wait a second. How will people download the new key using apt if apt refuses 
to download because it does not have the new key?
And then what about the future? A stable release will not be upgradable if 
the key is not downloaded, but the key will not be downloadable.

Or am i missing something? This whole thing sounds like a major problem.