Comment 28 for bug 27959

I use aptitude and I'm sure I don't know all the ins and outs here. But I do have a suggestion for your consideration:

Stop signing the archives with the 2006 key for now. That will allow those who have been using the 2005 key to continue getting updates.

After you have your fixes in place -- and the users have updated their systems with those fixes -- then you can add the 2006 key back in for archive-signing purposes. Maybe you would wait until Feb 1 to start using the 2006 key, for the sake of those who don't update their systems daily. Again, I admittedly don't know all of the ramifications.

I hope that you will, as a part of your fixes, enable users' copies of apt/keyrings to automatically be updated to use the 2006 key based on trust of the 2005 key which they are already using. That would be good for those who don't know about http://ftp-master.debian.org/ziyi_key_2006.asc.

Thank you for considering these possibilities.

Rodger Williams

_______________________________________________
No banners. No pop-ups. No kidding.
Make My Way your home on the Web - http://www.myway.com