* martin f. krafft: > also sprach Martin Schulze <[EMAIL PROTECTED]> [2005.02.14.1143 +0100]: >> > Time we introduce archive signatures then! >> >> Too bad there is no Release.gpg anymore, because otherwise we had >> that already. > > $ HEAD http://ftp.debian.org/debian/dists/sarge/Release.gpg | head -1 > 200 OK > > We still do. However, a chain is only as strong as the weakest link. > See debian-security.
We disagree on the strength of its links. 8-) I don't understand what's keeping apt 0.6 from being distributed with sarge (modulo a new run of non-automated regression tests, of course). The key management issue could be side-stepped by switching from a year-based signing key to a release signing key. I suspect there's some kind of non-technical obstacle most DDs don't know about (wouldn't be the first). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
