On Fri, Jan 06, 2006 at 08:21:14AM -0500, Joey Hess wrote: > In that case I suggest you rotate it every month for a few cycles. That might not be such a bad idea; having unstable on a weekly rotation cycle that continues until we've worked out how to handle updates, with a final rotation back to the current 2006 key then. > BTW, has anyone thought about what will happen when we have a stable > release that has the 200n key in it and 200n+1 rolls around[1]? Will stable > even be installable anymore? How will the updated key be pushed out to > stable quickly enough? Will we have to rebuild CDs and obsolete all the > old ones then too? Is the current scheme of having overlapping > signatures for 1 month long enough, given that stable users might well > only update their machines quarterly or so? Perhaps "expiry" isn't exactly what we want -- it's possible we want an archive key that will only verify Release files with a date earlier than a given date; but will continue to do so for an extended period of time. Cheers, aj
Attachment:
signature.asc
Description: Digital signature