also sprach Florian Weimer <fw@deneb.enyo.de> [2005.02.14.1351 +0100]: > I don't understand what's keeping apt 0.6 from being distributed with > sarge (modulo a new run of non-automated regression tests, of course). It's "too radical a switch" this *close* to the release. > The key management issue could be side-stepped by switching from > a year-based signing key to a release signing key. I suspect > there's some kind of non-technical obstacle most DDs don't know > about (wouldn't be the first). key management still requires some sort of professionalism. Just creating a key and signing it isn't the entire game; users need multiple ways to verify the key until the trust level meets their requirements. Right now, one single method exists, and its weak. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature