On Sat, 1 Apr 2000, Anthony Towns wrote:

> Why would verifying a new security-key necessarily be significantly harder
> than verifying a new unstable-key, though? In both cases you only really
> want to check that it's signed by the previous security-key.

But in the other case it replaces/augments the security key, having an automatic means for that seems like a bad idea.

> A global index wouldn't be entirely appropriate for partial mirrors.

*shrug* The file would be small, people can mirror it too. Partial mirrors are going to need more and more special care in the future that I don't think this is a concern.

> How would you go about signing half of a global index with the unstable
> key, and leaving the rest signed by the security key?

Two indexes each signed by their respective keys, and the two keys.

> Having a new file right next to the old Packages.gz file might be
> easier to ensure mirroring too. I'm not sure where you'd put a global,
> signed index?

*shrug* debian/indices with the rest of that stuff.

> You could have both, if you wanted, too, I guess. How would the index
> be particularly more useful?

I've always wanted an index :> It is simpler to work with and faster overall (two gpg checks vs ~36, gpg is very very slow). It also would have file sizes, I like file sizes :>

Jason
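An added example, not part of the original message: a sketch of how a client could check many Packages files against one index that carries file sizes, after a single signature check on the index. The line format (`<sha256> <size> <path>`), the use of SHA-256, the function names and the sample data are all assumptions made for illustration; the index signature is assumed to have been verified beforehand (for example with `gpg --verify`).

```python
import hashlib

# Hypothetical index format, one entry per line: "<sha256> <size> <path>".
# The index text is assumed to have passed its single signature check already.

def build_index(files):
    """Archive side: produce index text for a {path: bytes} mapping."""
    return "\n".join(
        f"{hashlib.sha256(data).hexdigest()} {len(data)} {path}"
        for path, data in sorted(files.items())
    )

def parse_index(text):
    """Client side: parse index text into {path: (digest, size)}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, size, path = line.split(None, 2)
        entries[path] = (digest.lower(), int(size))
    return entries

def check_file(entries, path, data):
    """Check one downloaded file against the verified index."""
    if path not in entries:
        return "not-listed"        # file the signer never vouched for
    digest, size = entries[path]
    if len(data) != size:
        return "size-mismatch"     # cheap check, no hashing needed
    if hashlib.sha256(data).hexdigest() != digest:
        return "digest-mismatch"   # same length, different content
    return "ok"

# Constructed sample data standing in for two Packages files.
SAMPLE_FILES = {
    "dists/unstable/main/binary-i386/Packages": b"Package: example-a\nVersion: 1.0\n",
    "dists/unstable/main/binary-alpha/Packages": b"Package: example-b\nVersion: 1.0\n",
}

if __name__ == "__main__":
    index = parse_index(build_index(SAMPLE_FILES))
    for path, data in SAMPLE_FILES.items():
        print(path, check_file(index, path, data))
    victim = "dists/unstable/main/binary-i386/Packages"
    print(check_file(index, victim, SAMPLE_FILES[victim][:-1]))  # truncated copy
    print(check_file(index, victim, SAMPLE_FILES[victim].replace(b"-a", b"-z")))
```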

