
Bug#345891: needs update for new archive key



On Fri, Jan 06, 2006 at 02:59:21AM +0100, Adeodato Simó wrote:
> * Michael Vogt [Thu, 05 Jan 2006 23:27:40 +0100]:
> > but we need a better system for upgrades (see below).
> 
>   Thanks for proposing this.
> 
> > I think the same. My proposal is to create a new debian-server-keyring
> 
>   Can I suggest that it's called debian-archive-keyring (or -keys)
>   instead? "debian-server" sounds like "a debian server", while
>   "debian-archive" sounds more (at least to me) like "the Debian
>   Archive".

Thanks everyone for their opinion. 

I uploaded a new debian-archive-keyring package a couple of minutes
ago that will work with apt-key update (and calls it automatically
after it was installed). It will also build a udeb (as suggested by
Joey Hess, thanks to Colin Watson).

About maintainership of this package, I'm happy to maintain it for
now, but I'm equally happy to give it away to the ftp-masters.

This package solves the problem for scheduled key rollovers (where we
sign with both new and old key for a certain time), but it uses the
old key to verify the package. This means that it's not suitable
against a key compromise of the archive key. How to deal with this
scenario needs to be discussed further. 

Cheers,
 Michael

-- 
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
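
Added example, not part of the message above and not code from the debian-archive-keyring package: a toy model of the limitation the message describes, where a keyring update is accepted only if a currently trusted key signed it. HMAC stands in for OpenPGP signatures, and the key names (`old`, `new`, `unknown`), secrets and function names are assumptions made for this illustration.

```python
import hashlib
import hmac

# Assumption: HMAC under a per-key secret stands in for an OpenPGP signature.
# Key names and secrets are constructed for this example.
SECRETS = {"old": b"s-old", "new": b"s-new", "unknown": b"s-unknown"}

def sign(key_id, blob):
    return key_id, hmac.new(SECRETS[key_id], blob, hashlib.sha256).digest()

def keyring(add=(), remove=()):
    """A keyring package: keys to add/remove plus the bytes that get signed."""
    return {"add": set(add), "remove": set(remove),
            "blob": repr((sorted(add), sorted(remove))).encode()}

class Client:
    def __init__(self, trusted):
        self.trusted = set(trusted)

    def valid(self, blob, sigs):
        """True if at least one signature is by a key this client trusts."""
        return any(k in self.trusted and hmac.compare_digest(sign(k, blob)[1], mac)
                   for k, mac in sigs)

    def install(self, pkg, sigs):
        """Apply a keyring update only if it verifies against current trust."""
        if not self.valid(pkg["blob"], sigs):
            return False
        self.trusted = (self.trusted | pkg["add"]) - pkg["remove"]
        return True

def scheduled_rollover():
    client = Client({"old"})
    step1 = keyring(add={"new"})                   # overlap period: dual-signed
    ok1 = client.install(step1, [sign("old", step1["blob"]),
                                 sign("new", step1["blob"])])
    step2 = keyring(remove={"old"})                # later: signed by new key only
    ok2 = client.install(step2, [sign("new", step2["blob"])])
    return ok1, ok2, client.trusted

def missed_overlap():
    client = Client({"old"})                       # never saw the dual-signed update
    pkg = keyring(add={"new"}, remove={"old"})
    return client.install(pkg, [sign("new", pkg["blob"])])

def old_key_compromised():
    # Both updates carry a valid "old" signature, so the client accepts either:
    # it cannot tell the archive's replacement from one made by another key holder.
    results = []
    for added in ("new", "unknown"):
        client = Client({"old"})
        pkg = keyring(add={added}, remove={"old"})
        results.append((client.install(pkg, [sign("old", pkg["blob"])]), client.trusted))
    return results
```

The scheduled rollover succeeds because the overlap update verifies under the old key, while in the compromise case the old key is the only thing the client can check against, so replacing it needs a trust path outside the archive signature.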


