
Re: Bug#752450: ftp.debian.org: please consider to strongly tighten the validity period of Release files



On Fri, 2014-09-26 at 11:20 +0800, Paul Wise wrote: 
> snapshot is a read-only (modulo cosmic rays and removal of
> non-redistributable things) historical record, files in it will not be
> modified to re-sign with newer keys nor to update Valid-Until.
So what would you do now, when one of the past keys was compromised or
simply became too weak to be trustworthy anymore? This would mean that
stuff shipped by snapshot.d.o is no longer secure (in the sense of
preventing MitM during the download, not in the sense that the packages
themselves would be secured otherwise).

Actually, having another APT key for just snapshot.d.o sounds somehow
appealing to me from a design POV.


Cheers,
Chris.

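As an added illustration, not code from this bug report or from apt itself: the Valid-Until check the thread is arguing about, applied to a constructed Release-file excerpt. Field names follow the Debian Release format; apt's own implementation is in C++ and differs in detail.

```python
import email.utils
from datetime import datetime, timezone

# Constructed Release-file excerpt (hash lists omitted); not taken from a real archive.
RELEASE_SAMPLE = """\
Origin: Debian
Suite: stable
Codename: wheezy
Date: Sat, 27 Sep 2014 08:00:00 UTC
Valid-Until: Sat, 04 Oct 2014 08:00:00 UTC
Architectures: amd64 i386
Components: main contrib non-free
"""

def parse_release_fields(text):
    """Return the top-level 'Field: value' pairs of a Release file.
    Indented lines (the per-file hash entries) are skipped."""
    fields = {}
    for line in text.splitlines():
        if not line or line[0].isspace():
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_release_date(value):
    """Release dates use RFC 2822 format; treat a missing zone as UTC."""
    dt = email.utils.parsedate_to_datetime(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt

def validity_window(fields):
    """How long the publisher vouches for this index: Valid-Until minus Date."""
    return parse_release_date(fields["Valid-Until"]) - parse_release_date(fields["Date"])

def check_freshness(fields, now):
    """Classify a signed Release file the way the Valid-Until check does:
    'no-valid-until' (field absent, so a stale copy is not detectable by time),
    'expired' (now is past Valid-Until: a stale mirror or a replayed index),
    or 'valid' (inside the window)."""
    if "Valid-Until" not in fields:
        return "no-valid-until"
    if now > parse_release_date(fields["Valid-Until"]):
        return "expired"
    return "valid"

if __name__ == "__main__":
    fields = parse_release_fields(RELEASE_SAMPLE)
    print("validity window:", validity_window(fields))
    print("on 2014-09-28:", check_freshness(fields, parse_release_date("Sun, 28 Sep 2014 00:00:00 UTC")))
    print("on 2014-10-05:", check_freshness(fields, parse_release_date("Sun, 05 Oct 2014 00:00:00 UTC")))
```

For snapshot.d.o, whose Release files are never re-issued, this check inevitably ends up at "expired", which is why users of snapshot have to disable it (apt's Acquire::Check-Valid-Until option) rather than rely on it.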

