On Sat, Mar 02, 2002 at 01:25:34AM -0800, Matt Kraai wrote:
> On Sat, Mar 02, 2002 at 07:39:56AM +0000, Tom Goulet wrote:
> > > The key used to create Release.gpg can be found here[1].
> > > 1. http://ftp-master.debian.org/ziyi_key_2002.asc
> > Thank you.
> > Should it be signed by at least one Debian developer?
> > As it is the security scheme is not useful as that key is not in the web
> > of trust.
> You should raise this issue on debian-security or with the
> ftpmasters. They might know the rationale.
For what it's worth, the correct key is:
] pub 1024D/722F1AED 2002-01-11 Debian Archive Automatic Signing Key (2002) <ftpmaster@debian.org>
] Key fingerprint = 8FD4 7FF1 AA93 72C3 7043 DC28 AA7D EB7B 722F 1AED
] sub 4096g/D9A900D4 2002-01-11 [expires: 2003-01-18]
We haven't developed a complete policy on how all this stuff should be
used yet, and there's still some debate as to the effectiveness of any
of it. Once we've worked through these a bit more all the stuff'll become
much more obvious.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
We came. We Saw. We Conferenced. http://linux.conf.au/
``Debian: giving you the power to shoot yourself in each
toe individually.'' -- with kudos to Greg Lehey
Attachment:
pgpbv1GsvZD7L.pgp
Description: PGP signature