
Bug#345823: apt: Key error at year turnover resembles security problem, and may represent one



I use aptitude and I'm sure I don't know all the ins and outs here. But I do have a suggestion for your consideration:



Stop signing the archives with the 2006 key for now. That will allow those who have been using the 2005 key to continue getting updates.



After you have your fixes in place -- and the users have updated their systems with those fixes -- then you can add the 2006 key back in for archive-signing purposes. Maybe you would wait until Feb 1 to start using the 2006 key, for the sake of those who don't update their systems daily. Again, I admittedly don't know all of the ramifications.



I hope that you will, as a part of your fixes, enable users' copies of apt/keyrings to automatically be updated to use the 2006 key based on trust of the 2005 key which they are already using. That would be good for those who don't know about http://ftp-master.debian.org/ziyi_key_2006.asc.



Thank you for considering these possibilities.



Rodger Williams


