Re: PGP key to use to contact the Security Team
Simon Valiquette wrote:
>
> Hello, I am finishing the French translation of the Securing Debian
> Manual, and I noticed something about the key to use to contact the
> Debian Security Team.
>
> In the Securing Debian Manual, the key id to use to send an encrypted
> email to the security team is 363CCD95, but on the following link,
> it is F2E861A3 that is listed instead.
>
> http://www.debian.org/security/faq.en.html#contact
Maybe the Securing Debian Manual is not up-to-date with regards to the
security contact key?
> 1. Do both keys are still valid?
You should use 0x/F2E861A3.
> 2. If the key F2E861A3 is legitimate (which I think it is because
> I have a trust path to it), wouldn't it makes sense to sign it with
> the old key as well? Or alternatively by 3 members of the security
> team instead of just one?
"old key" would refer to 0x3682B5DF which expired on February 1st 2007
and is the predecessor to the current key.
> 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
> set to expire on 2009-02-18. So could someone clarify what will
> happens after it expire in six weeks? Will it be replaced by a new
> key, or will the expiration date simply be changed?
It will be replaced by a newer key, as has happened with the security
key before.
Regards,
Joey
--
WARNING: Do not execute! This call violates patent DE10108564.
http://www.elug.de/projekte/patent-party/patente/DE10108564
wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/
Reply to: