Andreas Barth
2006-Mar-13 12:28 UTC
[Secure-testing-team] Adding signatures to the public key of the archive
* Olivier Berger (oberger@ouvaton.org) [051019 09:26]:> I''d like to suggest the addition of signatures of Debian developers to > the archive''s public key at http://secure-testing-master.debian.net/ziyi-2005-7.asc > > All I get if I issue a : > > # gpg --list-sigs 8722E71E > pub 1024D/8722E71E 2005-08-24 [expires: 2008-01-31] > uid secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> > sig 3 97856265 2005-09-19 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> > sig 3 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> > sub 2048g/A04E64FA 2005-08-24 [expires: 2008-01-31] > sig 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net>It should look like: pub 1024D/8722E71E 2005-08-24 [expires: 2008-01-31] uid secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> sig 3 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> sig EC36A185 2005-08-26 Andreas Barth (Debian Key) <aba@debian.org> sub 2048g/A04E64FA 2005-08-24 [expires: 2008-01-31] sig 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> BTW, I wouldn''t trust any of the signatures of people who are not in the ftp-master role on that key - how can they verify that the key is correct? I updated the key on the web now. Cheers, Andi
Olivier Berger
2006-Mar-13 12:28 UTC
[Secure-testing-team] Adding signatures to the public key of the archive
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. I''d like to suggest the addition of signatures of Debian developers to the archive''s public key at http://secure-testing-master.debian.net/ziyi-2005-7.asc All I get if I issue a : # gpg --list-sigs 8722E71E pub 1024D/8722E71E 2005-08-24 [expires: 2008-01-31] uid secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> sig 3 97856265 2005-09-19 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> sig 3 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> sub 2048g/A04E64FA 2005-08-24 [expires: 2008-01-31] sig 8722E71E 2005-08-24 secure-testing Archive Key 2005-7 <katie@secure-testing.debian.net> and in turn : # gpg --list-sigs 97856265 pub 1024D/97856265 2004-03-21 uid Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> sig 3 97856265 2004-03-21 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> sub 4096R/48BB06F5 2005-04-30 sig 97856265 2005-04-30 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> sub 4096R/17AE5CF1 2005-04-30 sig 97856265 2005-04-30 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> sub 2048g/0B64BE29 2004-03-21 sig 97856265 2004-03-21 Jean-Philippe Souque (Gruikdadude) <jean-philippe@souque.com> This person doesn''t seem to have his key signed by dd... So this seems a bit scary I think. Thanks in advance. Best regards, - -- Olivier BERGER (OpenPGP: 1024D/B4C5F37F) APRIL (http://www.april.org) - Vive python (http://www.python.org) P?tition contre les brevets logiciels : http://petition.eurolinux.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFDVetWLBigKrTF838RAgj8AKCTFoB/W5EKJqmdL5NM4XkcQKl3nwCg0Q43 gLjeYNVX3jWJV4mWJZs8J8Y=3uUt -----END PGP SIGNATURE-----