On Sunday 15 February 2009 13:39:16 Kent West wrote: > So I am correct in believing that someone who is upgrading from an etch > stable system to Lenny will be presented with this quandary that he > can't trust the Lenny repository until he first trusts the Lenny > repository? No, they will get the error/warning that one of the two signatures is from a key that is not in the keyring. Aptitude, apt, etc. will still report the packages as trusted (and not further complain) since one of the signatures is good and trusted. As part of the upgrade to Lenny, you'll get the second key added to your trusted keyring and both the the two signatures will be good and trusted until Debian drops the signature made with the old key from the mirrors. (The old key expires in June, I think.) -- Boyd Stephen Smith Jr. ,= ,-_-. =. bss@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/ \_/
Attachment:
signature.asc
Description: This is a digitally signed message part.