Skip to content

D
Dak

喜羊羊3508 / Dak
大约 1 年 前同步成功

通知 1
Star 0
Fork 0
D
Dak

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
keys.html 6.1 KB
Newer Older
M
tidy up keys  
Mark Hymers 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
    <head>
        <meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8"
        />
        <title>ftp-master.debian.org Archive Signing Keys</title>
        <link type="text/css" rel="stylesheet" href="removals-style.css" />
        <link rel="shortcut icon" href="http://www.debian.org/favicon.ico" />
    </head>
    <body>
        <div id="logo">
            <a href="http://www.debian.org/">
                <img src="http://www.debian.org/logos/openlogo-nd-50.png"
                alt="debian logo" /></a>
            <a href="http://www.debian.org/">
                <img src="http://www.debian.org/Pics/debian.png"
                alt="Debian Project" /></a>
        </div>

        <div id="titleblock">
            <img src="http://www.debian.org/Pics/red-upperleft.png"
            id="red-upperleft" alt="corner image"/>
            <img src="http://www.debian.org/Pics/red-lowerleft.png"
            id="red-lowerleft" alt="corner image"/>
            <img src="http://www.debian.org/Pics/red-upperright.png"
            id="red-upperright" alt="corner image"/>
            <img src="http://www.debian.org/Pics/red-lowerright.png"
            id="red-lowerright" alt="corner image"/>
            <span class="title">
                Archive Signing Keys
            </span>
        </div>
        <div id="outer">
        <div id="inner">
        <div id="leftcol">
                <ul>
                        <li><a href="/index.html">Main FTP Page</a></li>
                </ul>
        </div>

        <div id="maincol">
        <div id="intro">
            <p>This page contains information on the current and past archive
            signing keys.  The release files are signed by an automatic archive
            signing key in order to allow verification that software being downloaded
            has not been interfered with.</p>

            <p>Please note that as this page is not available by a secure
            mechanism (for instance https), you cannot rely on keys or information
            available here for verification purposes.  The details here are
            for information only.</p>

            <h2>Which release should be signed with which key?</h2>
            <p>Stable releases are signed by both the ftp-master automatic archive signing
            key in use at the time of the release, and a per-release stable key.  Release
            files for other releases (proposed-updates, testing, testing-proposed-updates,
            unstable and experimental) are signed only by the ftp-master automatic key.</p>

            <p>The security archive is signed by the normal ftp-master key only.</p>

            <p>The current procedure is that there is one ftp-master key per
            release (former procedure introduced a new key once per year).</p>

        </div>

        <div id="archivekey">
            <h1>Archive Keys</h1>
            <h2>Active Signing Keys</h2>

            <p>The current (2007/etch) key can be <a
            href="/keys/archive-key-4.0.asc">downloaded here</a></p>

            <h2>Upcoming Signing Keys</h2>
            <p> The new key, which will be used after the 4.0 key expires <b>or</b>
            after Lenny r1 is released, can be <a
            href="/keys/archive-key-5.0.asc">downloaded here</a>.  (The debian-devel announcement
            regarding this key can be read at
            <a href="http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html">
            http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html</a>)</p>
            
            <h2>Stable Keys</h2>
            <h3>etch</h3>
            <p>Details of the etch key from the release team</p>

            <h3>lenny</h3>
            <p>Details of the lenny key from the release team</p>

            <h2>Retired Signing Keys</h2>
            <p>The following retired and in most cases expired keys are
            available.  <b>Note that these keys are no longer in use and are
            listed here for reference purposes only</b>:
                <ul>
                <li><a href="/keys/ziyi_key_2002.asc">/keys/ziyi_key_2002.asc</a></li>
                <li><a href="/keys/ziyi_key_2003.asc">/keys/ziyi_key_2003.asc</a></li>
                <li><a href="/keys/ziyi_key_2003v2.asc">/keys/ziyi_key_2003v2.asc</a></li>
                <li><a href="/keys/ziyi_key_2004.asc">/keys/ziyi_key_2004.asc</a></li>
                <li><a href="/keys/ziyi_key_2005.asc">/keys/ziyi_key_2005.asc</a></li>
                <li><a href="/keys/ziyi_key_2006.asc">/keys/ziyi_key_2006.asc</a></li>
                </ul>

            </p>
        </div>

        <div id="replacement">
            <h1>Key Replacement Procedure</h1>

            <p>When the archive key is to be replaced, a new key will be generated by one of the
            ftpmasters.  This key will then be signed by that ftpmaster and other ftpmasters and
            members of the ftpteam (including verification by phone call of the fingerprint and
            other details of the key to be signed).</p>

            <p>Once the new key is prepared, it will be placed on this page, put into the relevant
            archive packages and announced to debian-devel-announce well in advance of being used.</p>

        </div>

        <div id="revokation">
            <h1>Key Revokation Procedure</h1>
            <p>A revokation certificate for the archive key is produced at the time of the creation
            of an archive key.  The program ssss (a Shamir's secret sharing scheme implementation)
            is then used to produce 20 shares of which 10 are needed to recover the revokation cert.
            This procedure is for use in emergencies only (such as losing ftp-master.debian.org and
            all of the backups, a hopefully unlikely event) as the key can normally be used to produce
            its own revokation certificate.</p>
        </div>

        </div>
    <hr />
    <address><a href="mailto:ftpmaster@ftp-master.debian.org">Debian FTP team</a></address>

    </body>
</html>