Re: Secure APT Key Management

Martin Schulze <joey@infodrom.org> writes:

> Andreas Barth wrote:
>> Hi,
>> I try to summarize the results of the discussion from the start of August,
>> in the hope that we can finish this off, and test-run this first for the
>> next stable point release. From the security team, some input on their
>> preference would be welcome.
>> The idea is to have different keys:
>> - One standard online-key for signing unstable; this key would be
>>   rotated e.g. yearly (or whatever the ftp-masters consider fit, I don't
>>   really mind).
>> - One release key per stable release; taken care of offline by the stable
>>   release team.
>> - One security key per stable release; taken care of somehow by the
>>   security team.

Sorry for not following the discussion closely but what happened to
having the current signing key(ring) in dists/suite/Release.key with
signatures by the ftp-master team (and/or security as appropriate)?


