[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PGP key to use to contact the Security Team

On Mon, Dec 29, 2008 at 07:32:47AM -0500, Simon Valiquette wrote:
>   So here are my questions:
> 1. Do both keys are still valid?
> 2. If the key F2E861A3 is legitimate (which I think it is because
> I have a trust path to it), wouldn't it makes sense to sign it with
> the old key as well? Or alternatively by 3 members of the security
> team instead of just one?
> 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> set to expire on 2009-02-18.  So could someone clarify what will
> happens after it expire in six weeks?  Will it be replaced by a new
> key, or will the expiration date simply be changed?
> 3. If the old key 363CCD95 is not used anymore, is there any reasons
> for not revoking it?

4. Why is 363CCD95 on keyring.debian.org but F2E861A3 isn't?

5. Why is neither key documented in the developers reference?  Or
   atleast a refence to that such a key exists.


Reply to: