The ziyi_2005 archive key available from http://ftp-master.debian.org/ziyi_key_2005.asc (the official location, apart from the keyring) has two signatures. Neither of the two keys used is available in the debian-keyring package. Excuse me? I am being told "not to use this package for this purpose" ... so what is it used for then? Outdated keys/keyrings do almost more harm than good. Please update or remove the package. Now, for the key: sure, archive keys are not official yet. So could we then please either remove the *.gpg files from the archive, or rectify the situation in the professional way that our users have come to expect from us? Right now the *.gpg files suggest a working signature infrastructure, but when you try to use it, it breaks down and leaves you with less trust than before. This half-hearted, half-way, half-supported, and half-broken situation really casts a very bad light on Debian. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Attachment:
signature.asc
Description: Digital signature