[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

future keys


While testing Etch upgrades on some old boxes, I noticed that key management
issues get worse and worse, especially if some time happens between upgrades.
Even when ignoring all users of "testing", upgrades between stable releases
kind of _have_ to work well.  So, here's my idea:

Could you please generate the Lenny and perhaps even Alien keys, both
testing and stable, and stick them into debian-archive-keyring before Etch
is released?  The private keys could be, let's say, buried under a tree
in the Secretary's garden. [1]

While keeping a key that is in use safe can be a tricky issue, having a
future key stored away is something easy to do in a secure manner.  And,
when the need arises, the public keys are already distributed.

[1]. Most of less melodramatic solutions would work at least as good.
1KB		// Microsoft corollary to Hanlon's razor:
		//	Never attribute to stupidity what can be
		//	adequately explained by malice.

Reply to: