On Mon, 31 Jan 2005, Anthony Towns wrote: > Steve Kowalik wrote: > >On Sun, 30 Jan 2005 06:21:26 -0500, Anthony DeRobertis uttered > >>I suspect this has to do with > >>http://http.us.debian.org/debian/dists/testing/Release.gpg being an > >>empty file. Stable still has a signature; what happaned? > >If I remember the conversation on IRC correctly, the archive GPG key > >expired ... > > Thus marking almost four years since we've had support for this on the > server, and still no support for it on the client, even in unstable. *sigh* > > Anyway, should be fixed as of tomorrow. New key at > > http://ftp-master.debian.org/ziyi_key_2005.asc
Would the relevant people mind signing this key so that it is at least worth something? Currently it is signed by the old archive key, which IS an unprotected key (as in no passphrase) AFAIK. And common sense says it is also a signature we can never trust on another ziyi key, since anyone who could replace a ziyi key could probably sign the replacement key with the old one. It would be nice if the Debian archive key had at least three signatures from third parties. We have that many ftpmasters AFAIK, so this should not be asking too much. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
