Seems you have still missed replying to this. The 2006 key expires on the 7th and is still being used to sign the archive. If this is being used as an empirical way to find out what breakas, fine. So far all I know of is debmirror << 20070123. But I wish you could at least answer my mails about it. Joey Hess wrote: > I think you may have missed replying to this. I'd really like to know > what's going to happen with the 2006 key expiry. > > Joey Hess wrote: > > Anthony Towns wrote: > > > The key we'll be using (and indeed are already using) is available as: > > > > > > http://ftp-master.debian.org/archive-key-4.0.asc > > > > > > It's expected to be valid until sometime after lenny is released. > > > > I feel that we've been pretty miserable at communicating this stuff to > > our developers and our users. While I knew about the etch key (hard to > > miss it, given the ugly behavior it caused in apt when the archive was > > signed with it, before it reached debian-archive-keyring), it wasn't at > > all clear that it would be used to sign anything other than etch. > > > > I've tried to update http://wiki.debian.org/SecureApt to reflect what > > you've said. > > > > I'm still not clear what will happen to the still existing yearly signing > > key though. It's hard to predict what will happen if we reach > > 2007-02-07 and 2D230C5F expires. I think that due to #400526, it will at > > least break debmirror. If we're phasing out the yearly signing key, we > > should be sure to stop signing the archive with it, before it expires. > > Obviously, if we're not phasing it out, we have a rapidly shrinking > > window to create the 2007 key. > > > > -- > > see shy jo > > > -- > see shy jo -- see shy jo
Attachment:
signature.asc
Description: Digital signature