Anthony Towns wrote:
> Oh, the explanation for current practice is that if the key doesn't
> change in practice, apps that look at the keys won't cope well with the
> key changing, and when that becomes important, such as in the event of
> a compromise, we'll have major difficulties in coping.

In that case I suggest you rotate it every month for a few cycles.

BTW, has anyone thought about what will happen when we have a stable release that has the 200n key in it and 200n+1 rolls around? Will stable even be installable anymore? How will the updated key be pushed out to stable quickly enough? Will we have to rebuild CDs and obsolete all the old ones then too? Is the current scheme of having overlapping signatures for 1 month long enough, given that stable users might well only update their machines quarterly or so?

-- 
see shy jo

As is, for example, supposed to happen a month or so after etch is released.