[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the DAMs

* martin f. krafft:

> also sprach Martin Schulze <joey@infodrom.org> [2005.02.14.1143 +0100]:
>> > Time we introduce archive signatures then!
>> Too bad there is no Release.gpg anymore, because otherwise we had
>> that already.
> $ HEAD http://ftp.debian.org/debian/dists/sarge/Release.gpg | head -1 
> 200 OK
> We still do. However, a chain is only as strong as the weakest link.
> See debian-security.

We disagree on the strength of its links. 8-)

I don't understand what's keeping apt 0.6 from being distributed with
sarge (modulo a new run of non-automated regression tests, of course).
The key management issue could be side-stepped by switching from a
year-based signing key to a release signing key.  I suspect there's
some kind of non-technical obstacle most DDs don't know about
(wouldn't be the first).

Reply to: