On Sat, Dec 03, 2016 at 11:39:44PM +0530, Pirate Praveen wrote: > On ശനി 03 ഡിസംബര് 2016 11:26 വൈകു, Mattia Rizzolo wrote: > > Yes, the package is not updated every time there is a keyring push. > > What's tagged is what is live on the debian.org infrastructure, not > > what's in the package (and probably you shouldn't rely on that either if > > you need an up-to-date keyring locally). > > > Thanks for the info. Previous uploads were more frequent so I wondered > if there was an issue. If you want the active keyring then the canonical way to get it is use rsync from keyring.debian.org::keyrings/keyrings/ - the sha512sums.txt file is always signed by one of keyring-maint. We also try to keep the read-only copy of the keyring git repo at https://anonscm.debian.org/cgit/keyring/keyring.git/ up to date when a new keyring is made active (pending changes are kept within a private repo for potential security reasons), but that's primarily because there are various things that use the git changelog to understand what changes have happened. The only time we make a concerted effort to ensure the debian-keyring package is up to date in the archive is around the release, so that stable has as current a copy as possible at the point of release. We do generally try and keep it up to date in unstable, but if you care about what's current you should always use the rsynced version. J. -- /-\ | 101 things you can't have too much |@/ Debian GNU/Linux Developer | of : 34 - Beaches. \- |
Attachment:
signature.asc
Description: Digital signature