also sprach Florian Weimer <firstname.lastname@example.org> [2005.02.14.1338 +0100]: > > http://ftp-master.debian.org/ziyi_key_2005.asc > > (the official location, apart from the keyring) > > > > has two signatures. Neither of the two keys used is available in the > > debian-keyring package. > > Can you describe the problem you see more clearly? The Web of Trust > is not suited to describing things like "this key is authorized to > sign Debian distributions" (or "this key is authorized to sign Apache > releases", which is my favorite example). My problem is that the ziyi 2005 is a tentacle in the web of trust, and not directly connected to a strongly-connected node, at least not the downloadable version. You know, the "yeah, Debian signs its archives with my cousin's best friend's sister's key, that she just created for the purpose" argument. Moreover, my problem is that the debian-keyring package is outdated. Thus I wonder whether it does more harm than good. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <email@example.com> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
Description: Digital signature