Hi guys, I really don't understand debian's security policy... When I read you main security web page, http://security.debian.org I can't refrain from a urge to laugh....
"Debian takes security very seriously.Most security problems brought to our attention are corrected within 48 hours. " Jeroen, I seriously hope that you're not representative of the Debian security team... If you are then I hope most people at least a little concerned about security will read this thread. I'll make sure all my contacts get to it, since it's a huge disrespect of administrators believing in you. I hope you'll soon realize how important this bug is and fix it. For your own good... PS: btw, allowing expired keys may be a workaround, but an unsafe one, and definitely not the solution for this issue.
pgpcnjPkjmksE.pgp
Description: PGP signature
