[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: APT public key updates?

* Steve Langasek (vorlon@debian.org) [060106 13:05]:
> The exposure of the archive key is higher, because it sits on an
> Internet-connected, ssh-accessible server.  Also, you don't have to trust
> AJ's key; in contrast with Florian's assessment of the NM-suitability of the
> three ftpmasters, one ftp assistant, and one RM who have signed this key so
> far :), I would encourage you to log into merkel and verify, directly and
> securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and
> upload your signature to the public keyservers as well, if you are satisfied
> that this is the key that is being used on ftp-master.debian.org to sign the
> archive.

I disagree with that - having this key sitting on merkel means nothing.
Checking the configuration on /org/ftp.d.o/katie/katie.conf and the
keyring ziyi uses on ftp-master (i.e. spohr) means something.


Reply to: