[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ziyi_2005 key's main signatures not in debian-keyring

The ziyi_2005 archive key available from 

  (the official location, apart from the keyring)

has two signatures. Neither of the two keys used is available in the
debian-keyring package.

Excuse me?

I am being told "not to use this package for this purpose"
... so what is it used for then?

Outdated keys/keyrings do almost more harm than good. Please update
or remove the package.

Now, for the key: sure, archive keys are not official yet. So could
we then please either remove the *.gpg files from the archive, or
rectify the situation in the professional way that our users have
come to expect from us? Right now the *.gpg files suggest a working
signature infrastructure, but when you try to use it, it breaks down
and leaves you with less trust than before.

This half-hearted, half-way, half-supported, and half-broken
situation really casts a very bad light on Debian.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: