On Wed, 26 Jul 2006, Florian Weimer wrote: > * Martin Schulze: > > > I'd really love to see this feature properly implemented. > > The only approach which is known to work is static keys for stable > releases and stable security updates. The keys can be stored off-line > or on-line, at the discretion of the respective teams. > > So far, we have botched all yearly key rollovers, and there is zero > evidence that we'll get the first one that reallly matters right. > Unfortunately, the key rollover approach is generally assumed to be > required to achieve a decent level of security and strongly preferred > over the alternatives. Needless to say, I very strongly disagree with > that position.
Why don't we put two signatures ? One from a yearly key and one from a release key. Of course, both keys would probably be compromised at the same time (if a compromis arise), but at least the user has the choice to trust either a yearly key only or the release key only (and can thus decide to not have to handle the key rollover). Cheers, -- Raphaël Hertzog Premier livre français sur Debian GNU/Linux : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
