I would consider this to be a critical issue as it could become a security
problem.

Let's assume an archive key is compromised. As an admin reading this on
some information channel (IRC, Twitter, lwn.net, whatever) I would just
remove the key as shown by Tollef.

Only by reading this bug report do I now know that this plainly would not
work. Instead, apt-key will re-enable this key given any chance.

That sounds to me like re-enabling a root account or password authentication
for ssh style, something that should be up to the admin to decide. Having
a system override such a decision against me as the admin sounds like a
nightmare to me, something I would not accept from a trusted Debian system.

So, does this bug still apply?

Greetings, Torsten


