Re: APT public key updates?
On Thu, Jan 05, 2006 at 04:32:29PM -0800, Matt Zimmerman wrote:
> On Fri, Jan 06, 2006 at 01:22:50AM +0100, Petter Reinholdtsen wrote:
> > [Michael Vogt]
> > > Sorry for the delay. I'm preparing a new upload that adds the 2006
> > > archive key to the default keyring.
> >
> > Sounds good. Will this automatically take care of the key update and
> > make sure no manual intervention is needed to get packages upgraded?
> >
> > Isn't Ubuntu using the signed apt stuff? How are they handling the
> > new archive keys?
>
> Ubuntu's apt package ships only the Ubuntu archive keyring, not the Debian
> archive keyring, so no update is needed when Debian keys change.
That doesn't mean we (Ubuntu) have solved the problem of how to rotate
*our* keys in the event of a key compromise. (To my knowledge, we
haven't.)
--
Colin Watson [cjwatson@debian.org]
Reply to: