Hello,

I am finishing the French translation of the Securing Debian Manual, and I noticed something about the key to use to contact the Debian Security Team. In the Securing Debian Manual, the key id to use to send an encrypted email to the security team is 363CCD95, but on the following link, it is F2E861A3 that is listed instead.

http://www.debian.org/security/faq.en.html#contact
http://pgpkeys.pca.dfn.de/pks/lookup?search=0xF2E861A3&op=vindex
http://pgpkeys.pca.dfn.de/pks/lookup?search=0x363CCD95&op=vindex

So far so good, but the old key seems to still be valid since it is not revoked, and Google finds many references to it while Google finds only one reference to F2E861A3, a key that is signed by only one person.

So here are my questions:

1. Are both keys still valid?

2. If the key F2E861A3 is legitimate (which I think it is because I have a trust path to it), wouldn't it make sense to sign it with the old key as well? Or alternatively by 3 members of the security team instead of just one?

3. The key F2E861A3 claims to have been created on 2007-07-29 and is set to expire on 2009-02-18. So could someone clarify what will happen after it expires in six weeks? Will it be replaced by a new key, or will the expiration date simply be changed?

4. If the old key 363CCD95 is not used anymore, is there any reason for not revoking it?

Thank you in advance for the clarifications,

Simon Valiquette