
Re: APT public key updates?

* Michael Vogt:

> Sorry for the delay. I'm preparing a new upload that adds the 2006
> archive key to the default keyring. 

Please try to get a new self-signature without an expiration date

If the key is compromised, it has to be (manually) revoked anyway.
Rotating it once per year doesn't make sense.  At the very least,
change the expiration date so that it doesn't fall into the holiday

For stable, an offline key could be used.  Maybe for stable-security,
too.  However, I don't think it's worth the trouble.  If the key
material is compromised because it is online, the attacker has already
reached a very central piece of Debian's infrastructure, and we lose
even if the actual key material is stored off-line.
