[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ziyi_2005 key's main signatures not in debian-keyring

also sprach Florian Weimer <fw@deneb.enyo.de> [2005.02.14.1338 +0100]:
> >   http://ftp-master.debian.org/ziyi_key_2005.asc
> >   (the official location, apart from the keyring)
> >
> > has two signatures. Neither of the two keys used is available in the
> > debian-keyring package.
> Can you describe the problem you see more clearly?  The Web of Trust
> is not suited to describing things like "this key is authorized to
> sign Debian distributions" (or "this key is authorized to sign Apache
> releases", which is my favorite example).

My problem is that the ziyi 2005 is a tentacle in the web of trust,
and not directly connected to a strongly-connected node, at least
not the downloadable version. You know, the "yeah, Debian signs its
archives with my cousin's best friend's sister's key, that she just
created for the purpose" argument.

Moreover, my problem is that the debian-keyring package is outdated.
Thus I wonder whether it does more harm than good.

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature

Reply to: