[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bits from the release team

Goswin von Brederlow wrote:
> Having the key in the debian-keyring package was a nice idea but
> ultimatly useless. Sarge users can't fetch the new etch keyring
> package because the signature doesn't match and the signature doesn't
> match because the sarge keyring doesn't have the key. Fun fun fun.

Er, sarge doesn't have secure apt so that problem doesn't exist. Also,
secure apt allows you to install packages that don't have a trust path.

FWIW, I consider this issue solved by the debian-archive-keyring,
only issue I know if is that upgrades have to manually upgrade it before
upgrading apt.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: