Re: APT public key updates?
Anthony Towns <firstname.lastname@example.org> writes:
> On Fri, Jan 06, 2006 at 12:12:50AM -0800, Thomas Bushnell BSG wrote:
>> Anthony Towns <email@example.com> writes:
>> > No, a key is only as good as (a) how hard it is to break; and (b) how
>> > easy it is to trust. Key rotation helps make it harder to break (since
>> > the 2004 key won't do you much good now); and also forces us to consider
>> > how to make new keys easy to trust, which we otherwise might neglect.
>> Looking at the parenthesis: the 2004 key would have been quite
>> valuable a week ago. It could have been used to sign a fake 2005 key.
>> Oh wait: *it still can be*.
> It shouldn't be, since the 2004 key expired almost a year ago. Maybe we
> should be revoking expired keys as well.
Sorry, I meant 2005. I forgot the new year; now I see the point you
were making, and that makes sense to me.