On Mon, Dec 29, 2008 at 07:32:47AM -0500, Simon Valiquette wrote:
>
> So here are my questions:
>
> 1. Are both keys still valid?
>
> 2. If the key F2E861A3 is legitimate (which I think it is because
>    I have a trust path to it), wouldn't it make sense to sign it with
>    the old key as well? Or alternatively by 3 members of the security
>    team instead of just one?
>
> 3. The key F2E861A3 claims to have been created on 2007-07-29 and is
>    set to expire on 2009-02-18. So could someone clarify what will
>    happen after it expires in six weeks? Will it be replaced by a new
>    key, or will the expiration date simply be changed?
>
> 3. If the old key 363CCD95 is not used anymore, is there any reason
>    for not revoking it?

4. Why is 363CCD95 on keyring.debian.org but F2E861A3 isn't?

5. Why is neither key documented in the developers reference? Or at least a reference that such a key exists.

Kurt