Re: Bits from the DAMs
* martin f. krafft:
> also sprach Martin Schulze <joey@infodrom.org> [2005.02.14.1143 +0100]:
>> > Time we introduce archive signatures then!
>>
>> Too bad there is no Release.gpg anymore, because otherwise we had
>> that already.
>
> $ HEAD http://ftp.debian.org/debian/dists/sarge/Release.gpg | head -1
> 200 OK
>
> We still do. However, a chain is only as strong as the weakest link.
> See debian-security.
We disagree on the strength of its links. 8-)
I don't understand what's keeping apt 0.6 from being distributed with
sarge (modulo a new run of non-automated regression tests, of course).
The key management issue could be side-stepped by switching from a
year-based signing key to a release signing key. I suspect there's
some kind of non-technical obstacle most DDs don't know about
(wouldn't be the first).
Reply to: