> I am planing to write a script, which will refresh the apt signing key > before updating using "apt-get update".
The question I have is, "What problem are you trying to solve?" I am certain that Debian Security already has a protocol in place for how to handle compromised certificates. Is this protocol flawed or lacking? What problem does it not address which this idea will solve? The next question is, "Why is it important the certificate be retrieved from the keyserver network?" When talking about the global apt repositories, it's likely they have access to multiple of orders of magnitude more bandwidth than the keyserver network. Why not host the signing key on the apt repo server? > Could keyservers cope up with the load? Good question. Probably, but some keyserver operators might view it as rude. Best to ask on sks-de...@nongnu.org. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
