[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?

* Florian Weimer (fw@deneb.enyo.de) [060106 11:56]:
> * Bernd Eckenfels:
> >> IOW using the old key to sign the new key only requires that the old
> >> key be "good" at one point during the new year, whereas continuing to
> >> use the old key requires that it be "good" all year.
> >
> > Yes, but it breaks a long term usage like web of trust.
> The Debian archive key does not take part in the web of trust.
> Anybody who has passed the OpenPGP NM checks should not sign that key.

I disagree. There are people who have first-hand knowledge that this key
is used for the usage written in the key id, i.e. sign the debian
archive. These people can IMHO sign the key.


Reply to: