
Re: APT public key updates?

On Fri, Jan 06, 2006 at 08:21:14AM -0500, Joey Hess wrote:
> In that case I suggest you rotate it every month for a few cycles.

That might not be such a bad idea; having unstable on a weekly rotation
cycle that continues until we've worked out how to handle updates,
with a final rotation back to the current 2006 key then.

> BTW, has anyone thought about what will happen when we have a stable
> release that has the 200n key in it and 200n+1 rolls around[1]? Will stable
> even be installable anymore? How will the updated key be pushed out to
> stable quickly enough? Will we have to rebuild CDs and obsolete all the
> old ones then too? Is the current scheme of having overlapping
> signatures for 1 month long enough, given that stable users might well
> only update their machines quarterly or so?

Perhaps "expiry" isn't exactly what we want -- it's possible we want an
archive key that will only verify Release files with a date earlier than
a given date; but will continue to do so for an extended period of time.


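The difference between key expiry and the date-bounded verification suggested in the last paragraph, as an added example that is not part of the original message and is not APT's code. The function names, the sample Release headers and all dates are constructed for illustration, and the sketch assumes the signature on the Release file has already been checked cryptographically.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Release headers (not real archive data).
STABLE_RELEASE = "Origin: Debian\nSuite: stable\nDate: Fri, 01 Dec 2006 12:00:00 UTC\n"
LATE_RELEASE = "Origin: Debian\nSuite: stable\nDate: Thu, 01 Mar 2007 12:00:00 UTC\n"
# Constructed limit for a hypothetical "2006" archive key.
KEY_LIMIT = datetime(2007, 1, 31, tzinfo=timezone.utc)


def release_date(release_text):
    """Return the Date field of a Release file as an aware UTC datetime."""
    for line in release_text.splitlines():
        if line.startswith("Date:"):
            parsed = parsedate_to_datetime(line.split(":", 1)[1].strip())
            if parsed.tzinfo is None:  # treat a zone-less date as UTC
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed.astimezone(timezone.utc)
    raise ValueError("Release file has no Date field")


def accept_with_expiry(key_limit, now):
    """Expiry: the key verifies nothing once the wall clock passes the limit."""
    return now < key_limit


def accept_with_cutoff(release_text, key_limit):
    """Cutoff: the key verifies any Release dated before the limit, no matter
    when the check runs. Date sits inside the signed Release file, so this is
    only meaningful after the signature itself has been verified."""
    return release_date(release_text) < key_limit


def compare(release_text, key_limit, now):
    """Return both decisions for one Release file checked at time 'now'."""
    return {
        "expiry": accept_with_expiry(key_limit, now),
        "cutoff": accept_with_cutoff(release_text, key_limit),
    }


if __name__ == "__main__":
    # A user installing from an old stable CD some months into the next year.
    install_time = datetime(2007, 4, 15, tzinfo=timezone.utc)
    print("old stable Release:", compare(STABLE_RELEASE, KEY_LIMIT, install_time))
    print("later Release, old key:", compare(LATE_RELEASE, KEY_LIMIT, install_time))
```

Under the cutoff rule the old stable Release still verifies after the new year, while a Release dated past the limit is refused for that key, so the limit bounds what the key may sign rather than how long its signatures remain usable.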