Bug#345891: needs update for new archive key
Hi
Further things to consider. Apologies if I these have already been handled.
1. Dec 2006 Etch releases. Jill downloads and burns etch install cd.
Jan 2007, old archive key expires, new archive key issued.
Jan 2008, old archive key expires, new archive key issued.
Mar 2008, Jill tries to install from the cd created in Dec 2006.
Will that work?
Will that work if all debian-archive-keys were revoked/replaced in
mid 2007?
2. security.d.o will (presumably) also be signed.
Will that be using the same key?
Using separate keys might make updating after a key compromise simpler.
(You could use the not-compromised key to sign both package lists
temporarily).
Andrew
PS I also prefer debian-archive-keyring/debian-archive-keys.
Reply to: