Re: Debian APT Key Revocation Procedure
On Sun, 03 Nov 2013, Stephen Gran wrote:
> This one time, at band camp, Henrique de Moraes Holschuh said:
> > For a more precise answer, please ask the debian-admin ML.
> Why? DSA has nothing to do with this.
Hmm, come to think of it you're correct that they're not the best team to
ask about it. On second thought, ftp-masters are probably the best team to
ask about this, along with the Debian release team.
Anyway, it looks like it would be best to have the emergency key revocation
and roll-over procedure written down and published to the public. If it is
already out there, a pointer would be appreciated.
AFAIK, the *regular* key rollovers are handled by a normal update of the
debian-archive-keyring package (extended to stable and old-stable as well),
plus email notification to the debian-announce ML.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot