Re: APT key maintainence
Andreas Barth <aba@not.so.argh.org> writes:
> * Pierre Habouzit (madcoder@debian.org) [060506 12:46]:
>> if you take the 2y validity with 1y overlap, to have no problems,
>> users/images/... just have to be updated once a year (and will have a
>> life of at least one year, almost two if those are updated as soon as a
>> new key exists), which sounds reasonnable to me.
>
> Actually, if someone installs etch r0, I expect that he can install etch
> r5 without any hassle (unless ftp-master was hijacked :). This means
> that the key used in r5 needs to be available in etch r0.
>
>
> Cheers,
> Andi
Or can be updated + validated without hassle.
Providing keys in advance will never work. Keys will get lost, keys
will be delayed, keys will get compromised and need replacing or any
other unexpected event will break it.
Instead of that make key updates automatic (downloading Release.key)
with a validation step inbetween that checks the keys signatures and
uses user interaction. We can be reasonably sure that at least some of
the ftp-master team will have a key in the stable R0 keyring package
that will still be valid and used for R5. The more signatures the
archive key gets the more likely that becomes.
MfG
Goswin
Reply to: