* Michael Vogt: > Sorry for the delay. I'm preparing a new upload that adds the 2006 > archive key to the default keyring.
Please try to get a new self-signature without an expiration data first. If they key is compromised, it has to be (manually) revoked anyway. Rotating it once per year doesn't make sense. At the very least, change the expiration data so that it doesn't fall into the holiday season. For stable, an offline key could be used. Maybe for stable-security, too. However, I don't think it's worth the trouble. If the key material is compromised because it is only, the attacker has already reached very central piece of Debian's infrastructure, and we lose even if the actual key material is stored off-line. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
