On Sat, Mar 02, 2002 at 01:25:34AM -0800, Matt Kraai wrote: > On Sat, Mar 02, 2002 at 07:39:56AM +0000, Tom Goulet wrote: > > > The key used to create Release.gpg can be found here[1]. > > > 1. http://ftp-master.debian.org/ziyi_key_2002.asc > > Thank you. > > Should it be signed by at least one Debian developer? > > As it is the security scheme is not useful as that key is not in the web > > of trust. > You should raise this issue on debian-security or with the > ftpmasters. They might know the rationale. For what it's worth, the correct key is: ] pub 1024D/722F1AED 2002-01-11 Debian Archive Automatic Signing Key (2002) <ftpmaster@debian.org> ] Key fingerprint = 8FD4 7FF1 AA93 72C3 7043 DC28 AA7D EB7B 722F 1AED ] sub 4096g/D9A900D4 2002-01-11 [expires: 2003-01-18] We haven't developed a complete policy on how all this stuff should be used yet, and there's still some debate as to the effectiveness of any of it. Once we've worked through these a bit more all the stuff'll become much more obvious. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> We came. We Saw. We Conferenced. http://linux.conf.au/ ``Debian: giving you the power to shoot yourself in each toe individually.'' -- with kudos to Greg Lehey
Attachment:
pgpbv1GsvZD7L.pgp
Description: PGP signature