Re: Release.gpg files gone?
On Tue, Jan 27, 2004 at 03:32:18AM +0100, wopp@parplies.de wrote:
> I wrote on 18.01.2004 [Re: Release.gpg files gone?]:
> > curiously, http://ftp-master.debian.org/ziyi_key_2004.asc contains key
> > 0x1DB114E0 whereas the key-servers seem to contain key 0x63EFD949
>
> Point 1:
> There seems to be an incorrect key for ftpmaster@debian.org on the key
> servers. Am I misinterpreting something? Is this not alarming? At the least:
> where do I find the authoritative information on what key is the correct one?
> I doubt many of us have met ftpmaster@debian.org personally, so how is the
> web of trust supposed to work, supposing noone signs that key?
You're going to need to be a bit more specific, because I do not know what
you are referring to.
mizar:[~] gpg --keyserver keyring.debian.org --recv-keys 0x63EFD949
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
That may have been the previous key, which is now expired, but I don't have
a copy around to check. At any rate, the correct key is 0x1DB114E0, and it
is signed by James Troup (one of ftpmaster@debian.org), as opposed to noone.
> [I want woody Release files signed with the new key]
>
> Is that too much to ask? Is it that complicated? Am I asking in the wrong
> place?
"I don't know", "I don't know", and "Yes". ftpmaster@debian.org handles the
signing process. I believe the tool involved is "ziyi":
http://cvs.debian.org/dak/ziyi?cvsroot=dak
--
- mdz
Reply to: