On Thu, Nov 03, 2011 at 03:44:36PM -0200, Henrique de Moraes Holschuh wrote: > One thing we have not talked about, is that of subkey validity. It is > not that kosher to have anything signed in stable with a subkey which > will not be valid for the lifetime of stable, so we should keep that in > mind. Assuming we're talking about each developer's personal key: what things would they be signing that matter? Package upload signatures are relevant only until the upload gets accepted into the archive, and after that it's the archive signing key that matters. -- Freedom-based blog/wiki/web hosting: http://www.branchable.com/
Attachment:
signature.asc
Description: Digital signature