On Sat 6 May 2006 11:53, Martijn van Oosterhout wrote:
> On 5/5/06, Pierre Habouzit <[EMAIL PROTECTED]> wrote:
> > Proposal 1:
> >
> > a possible way would be to have two valid keys at any time. like
> > one new key per year (or 6 months like you want) with a validity of
> > 2 years (resp. one year).
> >
> > that would obviously mean two signatures per package (but I don't
> > think that's that much work) and would require the user to update
> > their "keyring package" only once every year (or 6 months), which
> > looks like a quite reasonable trade-off. Even stable updates can
> > use that scheme, since it's released more than once a year.
>
> Why would you need two signatures per package?

Because that would mean that at any time, the package that ships the
public keys is signed with both the being-old and the being-new keys.
It assures an upgrade path. If you take the 2y validity with 1y
overlap, to have no problems, users/images/... just have to be updated
once a year (and will have a life of at least one year, almost two if
those are updated as soon as a new key exists), which sounds
reasonable to me.

> In reality, the only way you can truly trust any key is if you get
> verification of the fingerprint from some other trusted source. Since
> we don't do that, all this discussion is handwaving to solve
> practical problems. Perhaps we should be teaching apt/dpkg to fetch
> the key from some other source entirely, say an https server, thus
> avoiding the issues of transporting keys via the same mechanism as
> the packages.

True.

-- 
·O· Pierre Habouzit
··O [EMAIL PROTECTED]
OOO http://www.madism.org
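The overlap scheme in the exchange above (one new archive key per period, each valid for longer than the period, and the keyring package signed by every currently valid key) can be checked by simulating it. The following is an added example, not code from the thread or from Debian/APT: it models only the trust decision (which key ids signed a keyring package, which keys a client holds and when they expire), representing signatures as sets of key ids instead of real OpenPGP signatures. The key naming (`key-2006`, ...), the starting year 2006 and the yearly issue schedule are assumptions made for the model. It computes how many years a client may skip keyring updates before it can no longer verify the next keyring package, which for the "2y validity, 1y overlap" variant comes out at exactly one year.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    """An archive signing key (assumed naming: one key per issue year)."""
    key_id: str
    issued: int      # year the key was created
    validity: int    # number of years the key is valid

    def valid_in(self, year: int) -> bool:
        return self.issued <= year < self.issued + self.validity


def archive_keys(year: int, period: int = 1, validity: int = 2, first: int = 2006) -> list[Key]:
    """Keys the archive considers current in `year`: every key issued at
    `period`-year intervals since `first` whose validity window covers `year`."""
    keys = []
    y = first
    while y <= year:
        k = Key(f"key-{y}", y, validity)
        if k.valid_in(year):
            keys.append(k)
        y += period
    return keys


@dataclass(frozen=True)
class KeyringPackage:
    year: int
    keys: tuple[Key, ...]        # public keys shipped in the package
    signed_by: frozenset[str]    # key ids of the signatures on the package (model, not real signatures)


def build_keyring_package(year: int, period: int = 1, validity: int = 2, first: int = 2006) -> KeyringPackage:
    """The keyring package of `year` ships the current keys and carries one
    signature per currently valid key (the 'two signatures per package' idea)."""
    current = archive_keys(year, period, validity, first)
    return KeyringPackage(year, tuple(current), frozenset(k.key_id for k in current))


def client_can_verify(client: KeyringPackage, pkg: KeyringPackage, now: int) -> bool:
    """A client trusts the keys shipped in the keyring package it last installed.
    It accepts `pkg` if at least one signature comes from a trusted key that is
    still valid at `now`; an expired key no longer counts."""
    trusted = {k.key_id for k in client.keys if k.valid_in(now)}
    return bool(trusted & pkg.signed_by)


def max_skippable_years(period: int = 1, validity: int = 2, first: int = 2006, horizon: int = 2030) -> int:
    """Largest gap in years between keyring updates that never locks any
    client out, checked over every update year up to `horizon`."""
    best = 0
    for gap in range(1, validity + 1):
        ok = all(
            client_can_verify(
                build_keyring_package(c, period, validity, first),
                build_keyring_package(c + gap, period, validity, first),
                now=c + gap,
            )
            for c in range(first, horizon - gap)
        )
        if not ok:
            break
        best = gap
    return best


if __name__ == "__main__":
    k2007 = build_keyring_package(2007)
    print("2007 keyring signed by:", sorted(k2007.signed_by))
    print("client on 2007 keyring verifies 2008 keyring:", client_can_verify(k2007, build_keyring_package(2008), 2008))
    print("client on 2007 keyring verifies 2009 keyring:", client_can_verify(k2007, build_keyring_package(2009), 2009))
    print("max skippable years (1y period, 2y validity):", max_skippable_years())
    print("max skippable years (1y period, 4y validity):", max_skippable_years(validity=4))
```

With the thread's parameters a client that installed the 2007 keyring still verifies the 2008 keyring (signed by `key-2007`, which it holds) but not the 2009 one, because every key it holds has expired by then; the allowed gap is `validity - period`, so lengthening validity or shortening the issue period trades more tolerance for stale clients against a longer exposure window for any one key.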