On Wed, 16 Feb 2005, Todd Troxell wrote: > On Mon, Feb 14, 2005 at 02:01:04PM +0100, martin f krafft wrote: > > Moreover, my problem is that the debian-keyring package is outdated. > > Thus I wonder whether it does more harm than good. > > Does this package serve a purpose at all if it's outdated? > > It does seem that we should either get it right or dump it. Would this be a > good candidate for volatile?
It would be THE candidate for volatile, and it *can* be automatically generated from a known-good and trusted source (AFAIK it is possible to have a trusted path to the master keyrings, which are available through rsync even). Update the package every time the master keyrings are updated, and its usefulness will increase quite a lot. Now you only have to react to a reminder that says "please sign and upload the automatically generated package, there were changes in the keyring today", which should be quite fast. There is an alternative. Make it an "installer and updater" package that gets the keyrings using rsync/zsync and keeps them updated (download once every week, at a random time so as not to cause a horde effect...). I would still prefer an auto-updaded package with the keyring data itself, since that is far more server-friendly. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
