On Tue, Jan 27, 2004 at 03:32:18AM +0100, [EMAIL PROTECTED] wrote: > I wrote on 18.01.2004 [Re: Release.gpg files gone?]: > > curiously, http://ftp-master.debian.org/ziyi_key_2004.asc contains key > > 0x1DB114E0 whereas the key-servers seem to contain key 0x63EFD949 > > Point 1: > There seems to be an incorrect key for [EMAIL PROTECTED] on the key > servers. Am I misinterpreting something? Is this not alarming? At the least: > where do I find the authoritative information on what key is the correct one? > I doubt many of us have met [EMAIL PROTECTED] personally, so how is the > web of trust supposed to work, supposing noone signs that key?
You're going to need to be a bit more specific, because I do not know what you are referring to. mizar:[~] gpg --keyserver keyring.debian.org --recv-keys 0x63EFD949 gpg: no valid OpenPGP data found. gpg: Total number processed: 0 That may have been the previous key, which is now expired, but I don't have a copy around to check. At any rate, the correct key is 0x1DB114E0, and it is signed by James Troup (one of [EMAIL PROTECTED]), as opposed to noone. > [I want woody Release files signed with the new key] > > Is that too much to ask? Is it that complicated? Am I asking in the wrong > place? "I don't know", "I don't know", and "Yes". [EMAIL PROTECTED] handles the signing process. I believe the tool involved is "ziyi": http://cvs.debian.org/dak/ziyi?cvsroot=dak -- - mdz
