Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


 

Debian Archive Signing Key to be changed

The Debian Project wishes to announce the change of the GNU Privacy
Guard key used to digitally sign the archive reference files. Signatures are used to ensure that packages installed by users are the very same originally distributed by Debian and have not been exchanged or tempered with.

Affected distributions are the Debian unstable branch (codenamed “Sid”)
as well as the testing branch (codenamed “Wheezy”). The Debian Security
(security.debian.org) and Backports (backports.debian.org) archive also
start using the new key now. The current stable version Debian
GNU/Linux 6.0 (codenamed “Squeeze”) and the current oldstable version
Debian GNU/Linux 5.0 (codenamed “Lenny”) will have their ftpmaster
signature updated with their next point release.

The new key has already been distributed via the debian-archive-keyring
[1] package and is included in all current releases of Debian.

1: http://packages.debian.org/debian-archive-keyring

Starting with the next mirror update this evening only the new key will
be used.

For reference, the old key is:

pub 4096R/55BE302B 2009-01-27 [expires: 2012-12-31]
Key fingerprint = 150C 8614 919D 8446 E01E 83AF 9AA3 8DCD 55BE 302B
uid Debian Archive Automatic Signing Key (5.0/lenny)

and the new one:

pub 4096R/473041FA 2010-08-27 [expires: 2018-03-05]
Key fingerprint = 9FED 2BCB DCD2 9CDF 7626 78CB AED4 B06F 4730 41FA
uid Debian Archive Automatic Signing Key (6.0/squeeze)

This key rollover is a normal maintainance task and was started in
August 2010 [2]. For security reasons Debian’s archive signing keys
regularily expire after three years.

2: http://lists.debian.org/87d3t3as2k.fsf@gkar.ganneff.de

About Debian
————

The Debian Project was founded in 1993 by Ian Murdock to be a truly
free community project. Since then the project has grown to be one of
the largest and most influential open source projects. Over a thousand
volunteers from all over the world work together to create and maintain
Debian software. Available in 70 languages, and supporting a huge range
of computer types, Debian calls itself the “universal operating
system”.

Contact Information
——————-

For further information, please visit the Debian web pages at
http://www.debian.org/ or send mail to .

2 Responses to “Debian Archive Signing Key to be changed” »

  1. Comment by Llogic — February 12, 2011 @ 1:06 pm

    What does that means for normal user?

    Will the keyring be updated during a apt-get update/upgrade or are normal users expected to do something else or nothing at all?

  2. Comment by Llogic — February 12, 2011 @ 1:06 pm

    What does that means for normal user?

    Will the keyring be updated during a apt-get update/upgrade or are normal users expected to do something else or nothing at all?

    Thanks for clarify.

RSS feed for comments on this post. TrackBack URI

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.