On 2011-03-15, Peter Palfrader <wea...@debian.org> wrote: > Apt would then accept either version. > > Of course this only makes sense for unstable which updates regularly. > For security we might consider doing it also, but re-issue a new > InRelease a few hours after the first mirror pulse that gets rid of the > old checksums. > > For stable we probably wouldn't do that as the key to sign stuff is kept > offline, AIUI, so it becomes impractical.
stable doesn't use InRelease because AFAIK it can't handle two signatures in a sane way and because it's not overly useful given that Release and Release.gpg only update every one to two months. Kind regards Philipp Kern -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrninuegf.6fn.tr...@kelgar.0x539.de
