On Mon, Dec 29, 2008 at 03:50:48PM +0100, Kurt Roeckx wrote:
> On Mon, Dec 29, 2008 at 07:32:47AM -0500, Simon Valiquette wrote:
> > So here are my questions:
> >
> > 1. Are both keys still valid?
> >
> > 2. If the key F2E861A3 is legitimate (which I think it is because
> > I have a trust path to it), wouldn't it make sense to sign it with
> > the old key as well? Or alternatively by 3 members of the security
> > team instead of just one?
> >
> > 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> > set to expire on 2009-02-18. So could someone clarify what will
> > happen after it expires in six weeks? Will it be replaced by a new
> > key, or will the expiration date simply be changed?
> >
> > 3. If the old key 363CCD95 is not used anymore, is there any reason
> > for not revoking it?
>
> 4. Why is 363CCD95 on keyring.debian.org but F2E861A3 isn't?

There is an outstanding RT ticket (#353) open for removing 363CCD95 from
keyring.debian.org. I have asked for a revocation certificate for it if
it's no longer in use and if a newer key should be included, but
received no reply so have made no changes.

J.

-- 
Web site: http://www.earth.li/~noodles/
[ Reality is for people with no grasp of fantasy. ]
Made by HuggieTag 0.0.23