Simon Josefsson writes ("Re: Call for volunteers and GR draft: tag2upload key
installation"):
> How about adding the tag2upload keys to a NEW keyring instead?
> https://salsa.debian.org/debian-keyring/keyring/
I think you're suggesting that this key should be in that package,
rather than installed ad-hoc.
As we wrote:
> Better is to have dak accept two keyrings with identical authority:
> debian-keyring.gpg, and a service keyring debian-tag2upload.gpg
> containing the tag2upload key.
I'm certainly not opposed to that idea.
As you write:
> By including it in the official debian keyring package, we get some
> historic accountability of which keys were used. You also get a way
> to phase in new keys and phase out old keys.
keyring-maint, would you welcome an MR for this?
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
