Package: apt
Severity: wishlist
X-Debbugs-Cc: debian-...@lists.debian.org, debian-devel@lists.debian.org
We would like to start creating the keys that sign unstable in crypto
tokens, so that they are never seen by a general purpose comuting
devices.
These keys would probably be subkeys of the ftpmaster's archive signing
key. We can't backup such subkeys sanely. Tokens might break or
mistakes might be made.
There should be a way for us to easily rotate these signing subkeys.
Ideally, apt would accept any Release file signed by a valid subkey of
an openpgp key it trusts. Therefore, it needs a way to learn about new,
valid subkeys[*].
Maybe we can ship a set of openpgp key updates on the mirrors next to
the Release file, or somewhere in /project, and apt would merge keys
from there. Care needs to be taken so we don't start trusting
completely new keys just because they were on a mirror.
We should to figure out a way how to properly do this.
Cheers,
weasel
* and while we're at it, it might also learn about subkey revocations.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
