On Fri, Jan 06, 2006 at 08:21:14AM -0500, Joey Hess wrote:
> BTW, has anyone thought about what will happen when we have a stable
> release that has the 200n key in it and 200n+1 rolls around[1]?

On January 1 (or whenever a new key is issued) do a security update for
stable on the package that has the keyring.

> [1] As is, for example, supposed to happen a month or so after etch is
> released.

In this case we (well, not me...) can issue a new key that is valid
from November 2006 (a month before etch is released) till October
2007. Use that key to sign the packages. Then the first year there
will be no problems, unless the key is compromised.

-- 
Maurits van Rees | http://maurits.vanrees.org/ [NL]
Work | http://zestsoftware.nl/
GnuPG key | http://maurits.vanrees.org/var/gpgkey.asc
"Do only what only you can do." --- Edsger Wybe Dijkstra