[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?

Anthony Towns <aj@azure.humbug.org.au> writes:

> On Fri, Jan 06, 2006 at 12:12:50AM -0800, Thomas Bushnell BSG wrote:
>> Anthony Towns <aj@azure.humbug.org.au> writes:
>> > No, a key is only as good as (a) how hard it is to break; and (b) how
>> > easy it is to trust. Key rotation helps make it harder to break (since
>> > the 2004 key won't do you much good now); and also forces us to consider
>> > how to make new keys easy to trust, which we otherwise might neglect.
>> Looking at the parenthesis: the 2004 key would have been quite
>> valuable a week ago.  It could have been used to sign a fake 2005 key.
>> Oh wait: *it still can be*.  
> It shouldn't be, since the 2004 key expired almost a year ago. Maybe we
> should be revoking expired keys as well.

Sorry, I meant 2005.  I forgot the new year; now I see the point you
were making, and that makes sense to me.


Reply to: