Re: Emdebian archive key for Lenny
* Neil Williams [Wed, 07 Jan 2009 20:38:07 +0000]:
> On Tue, 6 Jan 2009 13:54:13 +0100
> Adeodato Simó <dato@net.com.org.es> wrote:
> > * Neil Williams [Wed, 31 Dec 2008 14:59:47 +0000]:
> OK, time for an update on this.

Uhm, sorry, this thread seems to fall through the pipes of -release
backlog. Let's see...

> The emdebian-archive-keyring-udeb is now available via emdebian [2] and
> the current pre-seeding [3] does allow the udeb to be installed,
> providing the key at the earliest stage of d-i (straight after network
> configuration).

Ok, this is great news.

> > There is a variation of this, which consists in us signing your Release
> > file at the time of Lenny release. This has the advantage that, should
> > either the Emdebian server or the Emdebian key become compromised,
> > installation using d-i is not compromised.
> There may be a short delay - depending on exactly when the Lenny
> release is made but I'm sure we can cope with that. There is nothing in
> the Emdebian Grip stable distribution at this time and it would be
> simple to coordinate the migration of the packages and signing of the
> Release files on #debian-release.
> Would debian-release want to do any checks on the repository itself or
> simply verify the signature on the Release file by the Emdebian key?
> Wookey can arrange access to the Emdebian server.
> Signing the stable Release file with the Emdebian key will be a manual
> process, once I'm happy that the migration of packages into stable has
> been complete and matches Lenny within the subset of packages supported
> by Grip at the time of the release.

I'd personally ask that you hand us a copy of the Release file signed
with *your* personal key (or, if gpg supports it, which I think it does,
with the two keys).

> What is the process for signing the Debian Release files?

A stable RM signs the Release file, and hands the result to ftpmaster --
in this case, you.

I'm Bcc'ing the stable RMs so that they confirm they would be okay with
signing Emdebian Release files. (Sorry I didn't quote all the text, I
thought of the Bcc later. Full thread is on -release.)

Cheers,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
- You look beaten.
- I just caught Tara laughing with another man.
- Are you sure they weren't just... kissing or something?
- No, they were laughing.
-- Denny Crane and Alan Shore