future keys
Whee?!
While testing Etch upgrades on some old boxes, I noticed that key management
issues get worse and worse, especially if some time happens between upgrades.
Even when ignoring all users of "testing", upgrades between stable releases
kind of _have_ to work well. So, here's my idea:
Could you please generate the Lenny and perhaps even Alien keys, both
testing and stable, and stick them into debian-archive-keyring before Etch
is released? The private keys could be, let's say, buried under a tree
in the Secretary's garden. [1]
While keeping a key that is in use safe can be a tricky issue, having a
future key stored away is something easy to do in a secure manner. And,
when the need arises, the public keys are already distributed.
[1]. Most of less melodramatic solutions would work at least as good.
--
1KB // Microsoft corollary to Hanlon's razor:
// Never attribute to stupidity what can be
// adequately explained by malice.
Reply to: