
Re: APT public key updates?



On Fri, Jan 06, 2006 at 09:21:32AM -0500, Joey Hess wrote:
> Maurits van Rees wrote:
> > On Fri, Jan 06, 2006 at 08:21:14AM -0500, Joey Hess wrote:
> > > BTW, has anyone thought about what will happen when we have a stable
> > > release that has the 200n key in it and 200n+1 rolls around[1]? 
> > 
> > On January 1 (or whenever a new key is issued) do a security update
> > for stable on the package that has the keyring.
> 
> That doesn't address most of the issues I raised. Just for example,
> debootstrap in d-i would not see the new key.

I thought I saw a reaction from someone else in a different part of
the thread who thought that for people who install from an already
burned CD set this wouldn't give problems, or only minor.  I can't
find that post though.

Now that I think about it more, you are right that an expired key would give
problems for people downloading a CD image that was originally signed
with that key.  In fact I think the same problem arises for a single
package when the key of the developer of that package expires.  Any
package signed with the old key becomes untrusted, and should be
regenerated, including the CD images.  That would not be nice.

Mind you, I am still using sarge at the moment, so I hardly have
experience with signed packages.  I'll go back to lurking now. ;)

-- 
Maurits van Rees | http://maurits.vanrees.org/ [NL]
            Work | http://zestsoftware.nl/
       GnuPG key | http://maurits.vanrees.org/var/gpgkey.asc
"Do only what only you can do." --- Edsger Wybe Dijkstra
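The practical consequence of the exchange above is that an administrator wants to know, ahead of time, which keys in the APT keyring have expired or are about to. The script below is an added example, not part of the original mail thread: it parses the machine-readable `--with-colons` key listing that gpg produces (field 2 is the validity flag, field 5 the key ID, field 7 the expiry as a Unix timestamp) and reports each key's status. The key IDs and user IDs in the sample listing are constructed placeholders, the 30-day warning window is an assumed policy value, and the `key_status` function name is this example's own.

```shell
#!/bin/sh
# Added example: flag expired and soon-to-expire keys in a gpg key listing,
# as one would run against an APT keyring. Not from the original mail.

# Constructed sample of `gpg --with-colons --list-keys` output.
# Field 2 = validity ("e" means expired), field 5 = key ID,
# field 6 = creation epoch, field 7 = expiry epoch (empty = never expires).
SAMPLE_KEYS='pub:e:1024:17:AAAAAAAAAAAAAAAA:1104537600:1136073600::-:::scSC::::::
uid:e::::1104537600::XXXX::Constructed Archive Signing Key (2005) <ftpmaster@example.invalid>::::::::::
pub:-:1024:17:BBBBBBBBBBBBBBBB:1136073600:1167609600::-:::scSC::::::
uid:-::::1136073600::YYYY::Constructed Archive Signing Key (2006) <ftpmaster@example.invalid>::::::::::
pub:-:4096:1:CCCCCCCCCCCCCCCC:1136073600:::-:::scSC::::::
uid:-::::1136073600::ZZZZ::Constructed Key Without Expiry <ftpmaster@example.invalid>::::::::::'

# key_status NOW LISTING
#   NOW     current time as a Unix epoch (pass "$(date +%s)" for a live check)
#   LISTING text in gpg --with-colons format
# Prints one line per public key: "<keyid> <EXPIRED|expires-soon|ok|no-expiry>".
key_status() {
  now="$1"
  listing="$2"
  # Assumed policy: warn when a key expires within 30 days.
  printf '%s\n' "$listing" | awk -F: -v now="$now" -v warn_days=30 '
    $1 == "pub" {
      keyid = $5
      expiry = $7
      if (expiry == "")
        status = "no-expiry"
      else if (expiry + 0 <= now + 0)
        status = "EXPIRED"
      else if (expiry - now <= warn_days * 86400)
        status = "expires-soon"
      else
        status = "ok"
      printf "%s %s\n", keyid, status
    }'
}

# Stand-alone run over the constructed sample with the real current time.
key_status "$(date +%s)" "$SAMPLE_KEYS"
```

To check a live keyring of that era, replace the sample with the output of `gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --with-colons --list-keys`; any key reported as EXPIRED will cause apt to reject Release files signed with it, which is exactly the situation the thread worries about for frozen media such as CD images.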
