Adeodato Simó wrote: > * Neil Williams [Wed, 07 Jan 2009 20:38:07 +0000]: > >> On Tue, 6 Jan 2009 13:54:13 +0100 >> Adeodato Simó <[email protected]> wrote: > >>> * Neil Williams [Wed, 31 Dec 2008 14:59:47 +0000]:
>>> There is a variation of this, which consist in us signing your Release >>> file at the time of Lenny release. This has the advantage that, should >>> either the Emdebian server or the Emdebian key become compromised, >>> installation using d-i is not compromised. > >> There may be a short delay - depending on exactly when the Lenny >> release is made but I'm sure we can cope with that. There is nothing in >> the Emdebian Grip stable distribution at this time and it would be >> simple to coordinate the migration of the packages and signing of the >> Release files on #debian-release. > >> Would debian-release want to do any checks on the repository itself or >> simply verify the signature on the Release file by the Emdebian key? >> Wookey can arrange access to the Emdebian server. > >> Signing the stable Release file with the Emdebian key will be a manual >> process, once I'm happy that the migration of packages into stable has >> been complete and matches Lenny within the subset of packages supported >> by Grip at the time of the release. > > I'd personally ask that you hand us a copy of the Release file signed > with *your* personal key (or, if gpg supports it, which I think it does, > with the two keys). It does support it. >> What is the process for signing the Debian Release files? > > A stable RM signs the Release file, and hands the result to ftpmaster -- > in this case, you. Indeed, for a stable (point) release that means after we do some checks (probably should be automated more so we don't overlook anything). > I'm Bcc'ing the stable RMs so that they confirm they would be okay with > signing Emdebian Release files. (Sorry I didn't quote all the text, I > thought of the Bcc later. Full thread is on -release.) Well, if it's me who is going to sign, then I want to do some checks to verify that everything looks more or less ok. Cheers Luk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
