Re: gpg keyrings.

To: Henrique M Holschuh <hmh@debian.org>
Cc: <debian-mentors@lists.debian.org>
Subject: Re: gpg keyrings.
From: Steve Langasek <vorlon@netexpress.net>
Date: Mon, 30 Apr 2001 10:09:22 -0500 (CDT)
Message-id: <Pine.LNX.4.30.0104301001150.29227-100000@tennyson.netexpress.net>
In-reply-to: <20010430105023.A15905@godzillah>

On Mon, 30 Apr 2001, Henrique M Holschuh wrote:

> On Mon, 30 Apr 2001, Santiago Vila wrote:
> > James Troup wrote:
> > > The canonical source for the debian keyring _is_[2] kerying.debian.org
> > > (via anon-rsync); period.  The package is a convenience, nothing
> > > more[3].

> > A package which is horribly outdated is everything but a "convenience".

> That, I agree with. Since the package appears not to be 'handeable' to
> someone else with more time due to security reasons, it should be changed to
> a README telling people to go fetch it (and NO keyrings inside)... or
> removed from the archive.

> At its current update ratio, that package is a liability.

This was my exact reaction to James' post, as well.  Perhaps the package could
include a copy of the old keyring as a 'seed' for rsync, and a cronjob to take
care of the anonymous rsync on the user's behalf?  This way, it's a little
more useful to the user than a documentation package would be, and it helps
the keyring server by lowering the bandwidth requirements. (Users don't have
to go to the central keyserver to get the whole keyring, just to get the diffs
against the most recent package release.)

Steve Langasek
postmodern programmer

Reply to:

References:
- Re: gpg keyrings.
  - From: Henrique M Holschuh <hmh@debian.org>

Prev by Date: Re: Questions about library names
Next by Date: Re: dh_testroot ?
Previous by thread: Re: gpg keyrings.
Next by thread: Re: gpg keyrings.
Index(es):
- Date
- Thread