[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PGP key to use to contact the Security Team

Simon Valiquette wrote:
>   Hello, I am finishing the French translation of the Securing Debian
> Manual, and I noticed something about the key to use to contact the
> Debian Security Team.
>   In the Securing Debian Manual, the key id to use to send an encrypted
> email to the security team is 363CCD95, but on the following link,
> it is F2E861A3 that is listed instead.
> http://www.debian.org/security/faq.en.html#contact

Maybe the Securing Debian Manual is not up-to-date with regards to the
security contact key?

> 1. Do both keys are still valid?

You should use 0x/F2E861A3.

> 2. If the key F2E861A3 is legitimate (which I think it is because
> I have a trust path to it), wouldn't it makes sense to sign it with
> the old key as well? Or alternatively by 3 members of the security
> team instead of just one?

"old key" would refer to 0x3682B5DF which expired on February 1st 2007
and is the predecessor to the current key.

> 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> set to expire on 2009-02-18.  So could someone clarify what will
> happens after it expire in six weeks?  Will it be replaced by a new
> key, or will the expiration date simply be changed?

It will be replaced by a newer key, as has happened with the security
key before.



WARNING: Do not execute!  This call violates patent DE10108564.

wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/

Reply to: