Joey Hess wrote:
> BTW, has anyone thought about what will happen when we have a stable
> release that has the 200n key in it and 200n+1 rolls around[1]? Will stable
> even be installable anymore? How will the updated key be pushed out to
> stable quickly enough? Will we have to rebuild CDs and obsolete all the
> old ones then too? Is the current scheme of having overlapping
> signatures for 1 month long enough, given that stable users might well
> only update their machines quarterly or so?

Given that stable is stable, wouldn't it be possible to sign each stable release with a special key kept offline without causing too much trouble? That doesn't solve security updates though, so the key for that would need to be updated as necessary.

Alternatively, a two-link process with a role key kept offline signing the archive key might be OK as well, but that leaves the question of how not to have that key compromised.

Kind regards

T.

--
Thomas Viehmann, http://thomas.viehmann.net/