Assume it's the end of 2007 and etch has been out for a while. Also assume that etch uses APT 0.6, which features archive signatures. In January 2008, the FTP masters publish a new key to the web, the keyrings, and the debian-keyring package, and start signing the archive with that key from now on. Are security updates now signed with the 2008 key, or will there be separate key for the security team? If the former, how do we get the 2008 key onto users' stable systems from 2007? Thanks, -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature