* Steve Langasek ([EMAIL PROTECTED]) [060106 13:05]: > The exposure of the archive key is higher, because it sits on an > Internet-connected, ssh-accessible server. Also, you don't have to trust > AJ's key; in contrast with Florian's assessment of the NM-suitability of the > three ftpmasters, one ftp assistant, and one RM who have signed this key so > far :), I would encourage you to log into merkel and verify, directly and > securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and > upload your signature to the public keyservers as well, if you are satisfied > that this is the key that is being used on ftp-master.debian.org to sign the > archive.
I disagree with that - having this key sitting on merkel means nothing. Checking the configuration on /org/ftp.d.o/katie/katie.conf and the keyring ziyi uses on ftp-master (i.e. spohr) means something. Cheers, Andi -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
