Re: APT public key updates?
On Fri, Jan 06, 2006 at 07:35:27AM +0000, Andrew Suffield wrote:
> However, we don't have to do this annually; with a 2048-bit key,
> replacing every five years and generating the new key one year before
> the old one expires should be safe at present.
That's true for the crypto strength issue, however if the key was
rotated that infrequently, the systems that perform the operation will
have succumbed to a lot of bit-rot between invocations and the people
doing it will be out of practise.