* Steve Langasek: > I would encourage you to log into merkel and verify, directly and > securely, the key at /org/ftp.debian.org/web/ziyi_key_2006.asc; sign it; and > upload your signature to the public keyservers as well, if you are satisfied > that this is the key that is being used on ftp-master.debian.org to sign the > archive.
Or publish a statement, maybe signed with your OpenPGP key, that the key 1024D/2D230C5F, fingerprint 084750FC01A6D388A643D869010908312D230C5F is the 2006 Debian archive key. This conveys more information than a certifying signature, and avoids the problem how you got physical ID for "Debian Archive Automatic Signing Key (2006) <[EMAIL PROTECTED]>", or a verification that the keyholder actually reads the mailbox mentioned in the user ID. 8-) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
