Checking for key expiry on dak new-security-install

To: ftpmaster@debian.org
Cc: team@security.debian.org, debian-wb-team@lists.debian.org
Subject: Checking for key expiry on dak new-security-install
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 25 Jul 2011 21:05:53 +0200
Message-id: <[🔎] 20110725190552.GA5862@pisco.westfalen.local>

Dear FTP masters,
The wanna-build team is re-signing the builds, which had been rejected
due to the expired buildd keys.

ndependently of that I would suggest to change dak to _not_ do 
additional key expiry checks during dak new-security-install. It's 
of course needed to check the expiry during upload, but doing a 
second check on install sounds like a ticking time bomb with key 
change intervals of 90 days.

Just think of security updates with long embargos or packages waiting
in proposed-updates because of missin builds etc.

Cheers,
        Moritz

Reply to:

Prev by Date: Re: Please re-sign a few security builds
Next by Date: Re: [buildd@praetorius.debian.org: Log for given-back build of fische_3.2.2-1 on powerpc (dist=sid)]
Previous by thread: Re: Please re-sign a few security builds
Next by thread: Re: [buildd@praetorius.debian.org: Log for given-back build of fische_3.2.2-1 on powerpc (dist=sid)]
Index(es):
- Date
- Thread