+++ /dev/null
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQGiBEVhrscRBAD4M5+qxhZUD67PIz0JeoJ0vB0hsLE6QPV144PLjLZOzHbl4H3N
-hJynyQLwsxmLv+FvCeaKNjZJQxmpIUbolBc5gDvltY9md0VjAIA4BEArR0qSQQ39
-/pq6gQDXMEfwJTnzqY+ZXoQo9p6UIJvjp221QbLcTBW0LTJAOJu77UYj6wCgyMWJ
-XvRz3WFNrOA4q1U87lc6/IED/AivTlX6QQ38BXhZf6UMCfEXSNQuEJbh2PC3YRPj
-V9EyUWlX92cebCThQ/U6lpUdrpDTTIUbDIk4QfvV16QhTBihcFrS7UvikTN94SNF
-9uQbTShOLvtR0gvgGlvzcedYIfdYeaQhyTW/kAspQYiYbsJiVxYbNl+FfFVekX/y
-nEotA/4/0Q1BPGPHTYWBoQV4bqKr7PiAxgoei0n/bEfc6iCh9P/Sv393iJlDI8V5
-pMwGjx+vCH9uOW07lJQhkkXslBlim4O3lU6dXWwUWh9rPTk2Fzx7PeXzFU7mOTEj
-1wx71p1c81AuaI2KrshSyjWs7FI4TR/judMSbu4N6kfT/O+tFbRGRGViaWFuIEFy
-Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICg0LjAvZXRjaCkgPGZ0cG1hc3Rl
-ckBkZWJpYW4ub3JnPohnBBMRAgAnBQJFYa7HAhsDBQkE6bcABwsJCAcDAgEEFQII
-AwQWAgMBAh4BAheAAAoJEKcNr1NgcNOhLz8An1TEmmq7fltTpQ+Y1oWhnE8WhVeQ
-AKCzh3MBoNd4AIGHcVDzv0N0k+bKZYhGBBARAgAGBQJFYa8JAAoJEDsXvHQqTj6q
-t1QAoITcbL6UHZs57xqk0WwKQMjBDezLAJoCGg4Ax2g8Qp90NxhwmDhHrIXH9A==
-=CGAD
------END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+keys/archive-key-4.0.asc
\ No newline at end of file
+++ /dev/null
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.6 (GNU/Linux)
-
-mQINBEl/YegBEADfwjpRajuMAhtR+YDLkb5qjFeGk021hRu6zNULxLaZUKKle6nu
-8CKnjhmVwUBlzje1vmVCi5d5tZfIFFxe6r5gtfnNnxDn3KM85o6gWh1mtHDecxrn
-Lu5D/7xFGBD+C0sasBuxQItwBsgUk6xYGGm2Yn2PW2ig0Zik0QJXEkFF7F1gm+Ww
-POMxH85uwH8Rf9F/UanCoMtZn3mm+9JqFLu0yVCTa1naJs1jWb9ivRdQuOI8foFC
-dqhQhqj2qws5zxfIZQ+fjkycTCok4kLMcJzWvHfabMmNiiHif8JgQ2me1sc+UMQO
-wOOQ97EBE8wCaQ8ahPJ2pnCD3VyrcKIf8k2LVezm7lL5z6tf4CtvTGL+tNA/jVez
-SNdqWAATs3+ZmXbTRPtfikn077pGNwWnlA6VjnfaVm1OpIix4cyIkE5CoTQ/Ou/i
-R7V4V51JUGY/8d1/rIwHKFEOoblbS46qWGsx1lHyEPqfioACd2TnfqywDZ+NALEr
-ceT88cR1dubrvHcMZ5AOeHbyM75kEtXaTPjxTCaGg3dKN2RMVKLg4Qz+g9F1WeCu
-xY9RQu/0iCGZUCwXnfS05XiavPB728LN//2yuh8glY7NFB9PRd+mH/V9Ib5FctQF
-ccMDMjozhzuveuXdFB31HNcJYZ6gguikTDtj5cYH21G+KPTYfNtHDiMTQwARAQAB
-tEdEZWJpYW4gQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDUuMC9sZW5u
-eSkgPGZ0cG1hc3RlckBkZWJpYW4ub3JnPokCPAQTAQIAJgUCSX9h6AIbAwUJB2KH
-AAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJqjjc1VvjArY0YQAIuE1hR30nLm
-gi5jTFhkwIY4hp5LqpwUZyVaCbb2CEqtAHN/ocFaru6wiIeuBSdgBcp4VvIqkSQe
-R0ZoGyGKg5OQqcS1H4aD29KyRJfWr9FRy0d8EXnz4Zpl6ourQ46veB1esgIjSf+r
-fqYaspuXiJgK1VXhhnHt5Vt3L5ZKZxd8kEeFzCXZ4xifIXXuDEu3+6QS4Kd4koaA
-la87pLHAqGXTNX/6z1avWcIMK2Vlqks3L8/1JjxSteTk6oqirdaKwPerPxBJD/P0
-oYFP6IPn66MgyR8zXb3iNEPIsxprLTNA9ZX5G7X+9RbjodNpCqNn97pb/SUMlGXW
-Fu7NxhRF3J8MuiVTMnuO9Ugl9OtNoEp1gQQbkSinOVA53RJd8yi0ykPTnLHbhYHx
-Vws9ImrBIA/5QCbjqgnQU/VihFNf9lUZbYwScfoPY6aNn5lkjxzlUgtGU3FPARQr
-MgEQrHRB5QRPeUvxNj9zlfkY6tj/lENcqT6BBUQs2cLKsoMbziRMD/0vCKqU6zar
-cU5T/jT0cGuvqDPDsH/KdBEDI8PPw3jGlqgNc4g0GG7Ejzey9QfbeHCThmcZA8WH
-qmjZ4obE07Xs1KNzqcMsfkagoyt9PGhu7cx4fMQOeps9+YOgapJqiL/xCpFGpHKK
-kYwxyXj+DUenM7pIa8VvdC+PskfnVIaAiEYEEBECAAYFAkl/YsYACgkQcV7WoH57
-ismMXwCcD5p3sw3ONeV/TtFY/kEsygboYSgAnjVKUc2tCWQQ4C7tBqx65ceSyiZw
-iEYEEBECAAYFAkl/aEIACgkQNIW6CNDsByMDkQCgtZdra037xHicYW5OOzephXSu
-FRsAn3qS87naNPDSNmU2IRfxEoPgPUzViEYEEBECAAYFAkl/aJoACgkQ9Cbhsr6b
-+NrbfgCglGQZTJesdn4Zqn/G3EZC3jiR3s8An3q1dHmn0cvjbsZgiYx2vFPQkdVb
-=dCmY
------END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+keys/archive-key-5.0.asc
\ No newline at end of file
<div id="leftcol">
<ul>
<li><a href="#intro">Introduction</a></li>
- <li><a href="#archivekey">Archive Signing Key</a></li>
+ <li><a href="/keys.html">Archive Signing Key</a></li>
<li><a href="#ftpteam">FTP Team</a></li>
<li><a href="#dak">dak</a></li>
<li><a href="#new">NEW</a></li>
<div id="archivekey">
<h1>Archive signing key</h1>
- <p>The release files are signed by an automatic archive signing key. The
- 2007/etch key can be <a href="archive-key-4.0.asc">downloaded here</a></p>
-
- <p>The release files are signed by an automatic archive signing key. The
- new key, to be used after the 4.0 key expires *or* right
- after Lenny r1 came out, can be <a href="archive-key-5.0.asc">downloaded here</a></p>
- </div>
+ <p>Information on the archive signing keys is available <a
+ href="/keys.html">here</a></p>
+ </div>
<div id="ftpteam">
<h1>The ftpmaster team</h1>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
+ <head>
+ <meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8"
+ />
+ <title>ftp-master.debian.org Archive Signing Keys</title>
+ <link type="text/css" rel="stylesheet" href="removals-style.css" />
+ <link rel="shortcut icon" href="http://www.debian.org/favicon.ico" />
+ </head>
+ <body>
+ <div id="logo">
+ <a href="http://www.debian.org/">
+ <img src="http://www.debian.org/logos/openlogo-nd-50.png"
+ alt="debian logo" /></a>
+ <a href="http://www.debian.org/">
+ <img src="http://www.debian.org/Pics/debian.png"
+ alt="Debian Project" /></a>
+ </div>
+
+ <div id="titleblock">
+ <img src="http://www.debian.org/Pics/red-upperleft.png"
+ id="red-upperleft" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-lowerleft.png"
+ id="red-lowerleft" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-upperright.png"
+ id="red-upperright" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-lowerright.png"
+ id="red-lowerright" alt="corner image"/>
+ <span class="title">
+ Archive Signing Keys
+ </span>
+ </div>
+ <div id="outer">
+ <div id="inner">
+ <div id="leftcol">
+ <ul>
+ <li><a href="/index.html">Main FTP Page</a></li>
+ </ul>
+ </div>
+
+ <div id="maincol">
+ <div id="intro">
+ <p>This page contains information on the current and past archive
+ signing keys. The release files are signed by an automatic archive
+ signing key in order to allow verification that software being downloaded
+ has not been interfered with.</p>
+
+ <p>Please note that as this page is not available by a secure
+ mechanism (for instance https), you cannot rely on keys or information
+ available here for verification purposes. The details here are
+ for information only.</p>
+
+ <h2>Which release should be signed with which key?</h2>
+ <p>Stable releases are signed by both the ftp-master automatic archive signing
+ key in use at the time of the release, and a per-release stable key. Release
+ files for other releases (proposed-updates, testing, testing-proposed-updates,
+ unstable and experimental) are signed only by the ftp-master automatic key.</p>
+
+ <p>The security archive is signed by the normal ftp-master key only.</p>
+
+ <p>The current procedure is that there is one ftp-master key per
+ release (former procedure introduced a new key once per year).</p>
+
+ </div>
+
+ <div id="archivekey">
+ <h1>Archive Keys</h1>
+ <h2>Active Signing Keys</h2>
+
+ <p>The current (2007/etch) key can be <a
+ href="/keys/archive-key-4.0.asc">downloaded here</a></p>
+
+ <h2>Upcoming Signing Keys</h2>
+ <p> The new key, which will be used after the 4.0 key expires <b>or</b>
+ after Lenny r1 is released, can be <a
+ href="/keys/archive-key-5.0.asc">downloaded here</a>. (The debian-devel announcement
+ regarding this key can be read at
+ <a href="http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html">
+ http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html</a>)</p>
+
+ <h2>Stable Keys</h2>
+ <h3>etch</h3>
+ <p>Details of the etch key from the release team</p>
+
+ <h3>lenny</h3>
+ <p>Details of the lenny key from the release team</p>
+
+ <h2>Retired Signing Keys</h2>
+ <p>The following retired and in most cases expired keys are
+ available. <b>Note that these keys are no longer in use and are
+ listed here for reference purposes only</b>:
+ <ul>
+ <li><a href="/keys/ziyi_key_2002.asc">/keys/ziyi_key_2002.asc</a></li>
+ <li><a href="/keys/ziyi_key_2003.asc">/keys/ziyi_key_2003.asc</a></li>
+ <li><a href="/keys/ziyi_key_2003v2.asc">/keys/ziyi_key_2003v2.asc</a></li>
+ <li><a href="/keys/ziyi_key_2004.asc">/keys/ziyi_key_2004.asc</a></li>
+ <li><a href="/keys/ziyi_key_2005.asc">/keys/ziyi_key_2005.asc</a></li>
+ <li><a href="/keys/ziyi_key_2006.asc">/keys/ziyi_key_2006.asc</a></li>
+ </ul>
+
+ </p>
+ </div>
+
+ <div id="replacement">
+ <h1>Key Replacement Procedure</h1>
+
+ <p>When the archive key is to be replaced, a new key will be generated by one of the
+ ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and
+ members of the ftpteam (including verification by phone call of the fingerprint and
+ other details of the key to be signed).</p>
+
+ <p>Once the new key is prepared, it will be placed on this page, put into the relevant
+ archive packages and announced to debian-devel-announce well in advance of being used.</p>
+
+ </div>
+
+ <div id="revokation">
+ <h1>Key Revokation Procedure</h1>
+ <p>A revokation certificate for the archive key is produced at the time of the creation
+ of an archive key. The program ssss (a Shamir's secret sharing scheme implementation)
+ is then used to produce 20 shares of which 10 are needed to recover the revokation cert.
+ This procedure is for use in emergencies only (such as losing ftp-master.debian.org and
+ all of the backups, a hopefully unlikely event) as the key can normally be used to produce
+ its own revokation certificate.</p>
+ </div>
+
+ </div>
+ <hr />
+ <address><a href="mailto:ftpmaster@ftp-master.debian.org">Debian FTP team</a></address>
+
+ </body>
+</html>
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGiBEVhrscRBAD4M5+qxhZUD67PIz0JeoJ0vB0hsLE6QPV144PLjLZOzHbl4H3N
+hJynyQLwsxmLv+FvCeaKNjZJQxmpIUbolBc5gDvltY9md0VjAIA4BEArR0qSQQ39
+/pq6gQDXMEfwJTnzqY+ZXoQo9p6UIJvjp221QbLcTBW0LTJAOJu77UYj6wCgyMWJ
+XvRz3WFNrOA4q1U87lc6/IED/AivTlX6QQ38BXhZf6UMCfEXSNQuEJbh2PC3YRPj
+V9EyUWlX92cebCThQ/U6lpUdrpDTTIUbDIk4QfvV16QhTBihcFrS7UvikTN94SNF
+9uQbTShOLvtR0gvgGlvzcedYIfdYeaQhyTW/kAspQYiYbsJiVxYbNl+FfFVekX/y
+nEotA/4/0Q1BPGPHTYWBoQV4bqKr7PiAxgoei0n/bEfc6iCh9P/Sv393iJlDI8V5
+pMwGjx+vCH9uOW07lJQhkkXslBlim4O3lU6dXWwUWh9rPTk2Fzx7PeXzFU7mOTEj
+1wx71p1c81AuaI2KrshSyjWs7FI4TR/judMSbu4N6kfT/O+tFbRGRGViaWFuIEFy
+Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICg0LjAvZXRjaCkgPGZ0cG1hc3Rl
+ckBkZWJpYW4ub3JnPohnBBMRAgAnBQJFYa7HAhsDBQkE6bcABwsJCAcDAgEEFQII
+AwQWAgMBAh4BAheAAAoJEKcNr1NgcNOhLz8An1TEmmq7fltTpQ+Y1oWhnE8WhVeQ
+AKCzh3MBoNd4AIGHcVDzv0N0k+bKZYhGBBARAgAGBQJFYa8JAAoJEDsXvHQqTj6q
+t1QAoITcbL6UHZs57xqk0WwKQMjBDezLAJoCGg4Ax2g8Qp90NxhwmDhHrIXH9A==
+=CGAD
+-----END PGP PUBLIC KEY BLOCK-----
--- /dev/null
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mQINBEl/YegBEADfwjpRajuMAhtR+YDLkb5qjFeGk021hRu6zNULxLaZUKKle6nu
+8CKnjhmVwUBlzje1vmVCi5d5tZfIFFxe6r5gtfnNnxDn3KM85o6gWh1mtHDecxrn
+Lu5D/7xFGBD+C0sasBuxQItwBsgUk6xYGGm2Yn2PW2ig0Zik0QJXEkFF7F1gm+Ww
+POMxH85uwH8Rf9F/UanCoMtZn3mm+9JqFLu0yVCTa1naJs1jWb9ivRdQuOI8foFC
+dqhQhqj2qws5zxfIZQ+fjkycTCok4kLMcJzWvHfabMmNiiHif8JgQ2me1sc+UMQO
+wOOQ97EBE8wCaQ8ahPJ2pnCD3VyrcKIf8k2LVezm7lL5z6tf4CtvTGL+tNA/jVez
+SNdqWAATs3+ZmXbTRPtfikn077pGNwWnlA6VjnfaVm1OpIix4cyIkE5CoTQ/Ou/i
+R7V4V51JUGY/8d1/rIwHKFEOoblbS46qWGsx1lHyEPqfioACd2TnfqywDZ+NALEr
+ceT88cR1dubrvHcMZ5AOeHbyM75kEtXaTPjxTCaGg3dKN2RMVKLg4Qz+g9F1WeCu
+xY9RQu/0iCGZUCwXnfS05XiavPB728LN//2yuh8glY7NFB9PRd+mH/V9Ib5FctQF
+ccMDMjozhzuveuXdFB31HNcJYZ6gguikTDtj5cYH21G+KPTYfNtHDiMTQwARAQAB
+tEdEZWJpYW4gQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDUuMC9sZW5u
+eSkgPGZ0cG1hc3RlckBkZWJpYW4ub3JnPokCPAQTAQIAJgUCSX9h6AIbAwUJB2KH
+AAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJqjjc1VvjArY0YQAIuE1hR30nLm
+gi5jTFhkwIY4hp5LqpwUZyVaCbb2CEqtAHN/ocFaru6wiIeuBSdgBcp4VvIqkSQe
+R0ZoGyGKg5OQqcS1H4aD29KyRJfWr9FRy0d8EXnz4Zpl6ourQ46veB1esgIjSf+r
+fqYaspuXiJgK1VXhhnHt5Vt3L5ZKZxd8kEeFzCXZ4xifIXXuDEu3+6QS4Kd4koaA
+la87pLHAqGXTNX/6z1avWcIMK2Vlqks3L8/1JjxSteTk6oqirdaKwPerPxBJD/P0
+oYFP6IPn66MgyR8zXb3iNEPIsxprLTNA9ZX5G7X+9RbjodNpCqNn97pb/SUMlGXW
+Fu7NxhRF3J8MuiVTMnuO9Ugl9OtNoEp1gQQbkSinOVA53RJd8yi0ykPTnLHbhYHx
+Vws9ImrBIA/5QCbjqgnQU/VihFNf9lUZbYwScfoPY6aNn5lkjxzlUgtGU3FPARQr
+MgEQrHRB5QRPeUvxNj9zlfkY6tj/lENcqT6BBUQs2cLKsoMbziRMD/0vCKqU6zar
+cU5T/jT0cGuvqDPDsH/KdBEDI8PPw3jGlqgNc4g0GG7Ejzey9QfbeHCThmcZA8WH
+qmjZ4obE07Xs1KNzqcMsfkagoyt9PGhu7cx4fMQOeps9+YOgapJqiL/xCpFGpHKK
+kYwxyXj+DUenM7pIa8VvdC+PskfnVIaAiEYEEBECAAYFAkl/YsYACgkQcV7WoH57
+ismMXwCcD5p3sw3ONeV/TtFY/kEsygboYSgAnjVKUc2tCWQQ4C7tBqx65ceSyiZw
+iEYEEBECAAYFAkl/aEIACgkQNIW6CNDsByMDkQCgtZdra037xHicYW5OOzephXSu
+FRsAn3qS87naNPDSNmU2IRfxEoPgPUzViEYEEBECAAYFAkl/aJoACgkQ9Cbhsr6b
++NrbfgCglGQZTJesdn4Zqn/G3EZC3jiR3s8An3q1dHmn0cvjbsZgiYx2vFPQkdVb
+=dCmY
+-----END PGP PUBLIC KEY BLOCK-----
projects / dak / commitdiff