Bug#345891: needs update for new archive key

To: 345891@bugs.debian.org
Subject: Bug#345891: needs update for new archive key
From: Andrew Vaughan <ajv-lists@netspace.net.au>
Date: Fri, 6 Jan 2006 17:21:04 +1100
Message-id: <[🔎] 200601061721.05126.ajv-lists@netspace.net.au>
Reply-to: Andrew Vaughan <ajv-lists@netspace.net.au>, 345891@bugs.debian.org

Hi

Further things to consider.  Apologies if I these have already been handled.

1. Dec 2006 Etch releases.  Jill downloads and burns etch install cd.
   Jan 2007, old archive key expires, new archive key issued.
   Jan 2008, old archive key expires, new archive key issued.
   Mar 2008, Jill tries to install from the cd created in Dec 2006.  

   Will that work?

   Will that work if all debian-archive-keys were revoked/replaced in
   mid 2007?

2. security.d.o will (presumably) also be signed. 
   Will that be using the same key?

   Using separate keys might make updating after a key compromise simpler.
   (You could use the not-compromised key to sign both package lists
   temporarily).

Andrew

PS I also prefer debian-archive-keyring/debian-archive-keys.

Reply to:

Follow-Ups:
- Bug#345891: needs update for new archive key
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Bug#134694: yo
Next by Date: Bug#345891: needs update for new archive key
Previous by thread: Bug#345891: needs update for new archive key
Next by thread: Bug#345891: needs update for new archive key
Index(es):
- Date
- Thread