On Fri, Jan 06, 2006 at 05:21:04PM +1100, Andrew Vaughan wrote:
> Hi

> Further things to consider. Apologies if these have already been handled.

> 1. Dec 2006 Etch releases. Jill downloads and burns etch install cd.
>    Jan 2007, old archive key expires, new archive key issued.
>    Jan 2008, old archive key expires, new archive key issued.
>    Mar 2008, Jill tries to install from the cd created in Dec 2006.

>    Will that work?
>    Will that work if all debian-archive-keys were revoked/replaced in
>    mid 2007?

The ISO images are generated on a different machine from ftp-master, with
their own Release files which must be signed by a separate key. The policy
for those keys (and for keys used for signing stable in general?) probably
needs to be separate from that used on the ftp archive.

Anyway, if by "install" you mean "fresh install", rather than just "install
some packages from this CD", the keys contained *on* the CD are ultimately
trusted (as is the rest of the software on the CD at time of install,
basically) at least until the point when you add some external apt source
that pulls revocation certificates from the network. So doing an install
from the CD should work fine, as long as the CD-signing key has no
expiration date or one sufficiently far in the future to cover our
worst-case needs for etch, or we provide some override in the CD to allow
installing with an ancient signature. Either way, I think ISOs pose much
less of a problem for us than ftp apt sources for stable.

> 2. security.d.o will (presumably) also be signed.
>    Will that be using the same key?

I don't see any good reason to use the same key, given that they're on
separate systems.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/