February 9th, 2011
The Debian Project wishes to announce the change of the GNU Privacy
Guard key used to digitally sign the archive reference files. Signatures
are used to ensure that packages installed by users are the very same
originally distributed by Debian and have not been exchanged or
tampered with.
Affected distributions are the Debian unstable branch (codenamed
Sid) as well as the testing branch (codenamed
Wheezy). The Debian Security (security.debian.org) and Backports (backports.debian.org) archive also start using the new key now. The current stable version Debian 6.0 (codenamed
Squeeze) and the current oldstable version Debian GNU/Linux 5.0 (codenamed
Lenny) will have their ftpmaster signature updated with their next point release.
The new key has already been distributed via the debian-archive-keyring
package and is included in all current releases of Debian.
Starting with the next mirror update this evening only the new key will be used.
For reference, the old key is:
pub 4096R/55BE302B 2009-01-27 [expires: 2012-12-31]
Key fingerprint = 150C 8614 919D 8446 E01E 83AF 9AA3 8DCD 55BE 302B
uid Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>
and the new one:
pub 4096R/473041FA 2010-08-27 [expires: 2018-03-05]
Key fingerprint = 9FED 2BCB DCD2 9CDF 7626 78CB AED4 B06F 4730 41FA
uid Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
This key rollover is a normal maintenance task and was started in
August 2010. For security reasons Debian's archive signing keys regularly
expire after three years.
No comments:
Post a Comment
If you have any suggestion or clarification you send it via on this form.