> Thank you for your report. Yes, the signature is old, because Packages > files and such for stable are only generated upon some release. So on > the next point release, which shouldn't take too long anymore, the 2006 > key will be used.
Yes but we can't wait anymore because apt is unusable since the key as expired even on stable when you are using apt-check-sigs. And there is no way to bypass this step due to security concerns. "which shouldn't take too long" months? years?... Everyone knewn that the key would be outdate in 2006, I can't understand it's take so long for such critical security issue. > Anyway, for people who already installed stable, nothing changed, and > the trust in the archive doesn't suddenly decrease just because there > was not a re-assurance that yes, the very same release is still genuine. > This doesn't mean that this shouldn't be fixed of course. Except if you are using apt-check-sigs system... This mean that it had to be fixed for yesterday. Xavier > > --Jeroen > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
