[D-m-team] Creating changesets
Anthony Towns
aj at azure.humbug.org.au
Tue Nov 20 04:48:37 UTC 2007
On Mon, Nov 19, 2007 at 12:48:32PM -0500, Joey Hess wrote:
> Anthony Towns wrote:
> > Making keycheck grab signatures off the keyserver seems easy enough. And
> > potentially useful in case a key's been revoked since the changeset was
> > originally created.
> Would miss signatures that were never uploaded to a keyserver of course.
> Also needs network, which most of the rest can be done without.
Doesn't keycheck need network to make sure its copy of the DD keyring is up
to date?
> (keycheck should already notice revocations of DD keys since it does work
> against a keyring from the keyserver.)
Sorry, I meant revocations of the *DM* key. eg, the case where it's been
stolen, and the thief is using the compromised key to get access to the
Debian archive, eg.
If we are including sigs, should we be running --recv-keys ourselves to
make sure we're not missing any sigs?
Maybe a better approach would be to strip non-DD sigs, instead? That
could apply to both the DM keyring and the DD keyring. I'm not sure how
possible it is.
Cheers,
aj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/d-m-team/attachments/20071120/35f21f33/attachment.pgp
More information about the D-m-team
mailing list