Re: bits from the release team

To: debian-devel@lists.debian.org
Subject: Re: bits from the release team
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Fri, 5 May 2006 09:04:25 +0200
Message-id: <[🔎] 20060505070425.GB13291@capsaicin.mamane.lu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20060505000745.GA32637@kitenet.net>
References: <20060502203633.GR9262@mails.so.argh.org> <[🔎] 878xphphi2.fsf@informatik.uni-tuebingen.de> <[🔎] 20060505000745.GA32637@kitenet.net>

On Thu, May 04, 2006 at 08:07:45PM -0400, Joey Hess wrote:
> Goswin von Brederlow wrote:

>> Having the key in the debian-keyring package was a nice idea but
>> ultimatly useless. Sarge users can't fetch the new etch keyring
>> package because the signature doesn't match and the signature
>> doesn't match because the sarge keyring doesn't have the key. Fun
>> fun fun.

> FWIW, I consider this issue solved by the debian-archive-keyring,
> only issue I know if is that upgrades have to manually upgrade it
> before upgrading apt.

Why can't we have a master key that signs the yearly keys? After all,
we have a long-term unique X.509 master key, so what's the difference
with OpenPGP?

-- 
Lionel

Reply to:

Follow-Ups:
- Re: bits from the release team
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: bits from the release team
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: bits from the release team
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Work-needing packages report for May 5, 2006
Next by Date: Easy way to incorporate Ubuntu improvements back into Debian?
Previous by thread: Re: bits from the release team
Next by thread: Re: bits from the release team
Index(es):
- Date
- Thread