[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?



On Thu, Jan 05, 2006 at 11:04:32PM -0800, Thomas Bushnell BSG wrote:
> It seems to me that this kind of computation depends intrinsically on
> how long it takes to compromise.  If it takes eleven months, then
> we're currently screwed.  It seems unlikely to me that this kind of
> analysis has taken place, which makes it unlikely that this is
> actually the explanation for our current practice.

Oh, the explanation for current practice is that if the key doesn't
change in practice, apps that look at the keys won't cope well with the
key changing, and when that becomes important, such as in the event of
a compromise, we'll have major difficulties in coping.

Cheers,
aj

Attachment: signature.asc
Description: Digital signature


Reply to: