Re: APT public key updates?
Paul TBBle Hampson <Paul.Hampson@anu.edu.au> wrote:
> Although as Steve Langasek has pointed out, the Sarge->Etch upgrade will
> be hard unless the etch key becomes available to Sarge users who've not
> touched their system since Sarge r0a... I guess this comes down to
> making the etch key available in some kind of Sarge-signed repository,
> that you have to add as part of the Etch upgrade, and after which
> apt-key update will bring you up to Etch key currentness.
I dont see a problem in requiring the user to get the key from the debian
homepage whenever they want to verify a different distribution. What you can
du is to have a Debian CA key, if you want to ship a trust anchor with the
archives, but I dont see a need for it, since you need to verify it with
other means anyway.