On Sun, 06 Nov 2011, Lars Wirzenius wrote: > On Thu, Nov 03, 2011 at 03:44:36PM -0200, Henrique de Moraes Holschuh wrote: > > One thing we have not talked about, is that of subkey validity. It is > > not that kosher to have anything signed in stable with a subkey which > > will not be valid for the lifetime of stable, so we should keep that in > > mind. > > Assuming we're talking about each developer's personal key: what things > would they be signing that matter? Package upload signatures are > relevant only until the upload gets accepted into the archive, and > after that it's the archive signing key that matters.
We don't do much long-term signing, but rarely there will be some outside of the package workflow, i.e. inside packages themselves or related to tool operation. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111106113036.ga13...@khazad-dum.debian.net