+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
- <head>
- <meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8"
- />
- <title>ftp-master.debian.org Archive Signing Keys</title>
- <link type="text/css" rel="stylesheet" href="removals-style.css" />
- <link rel="shortcut icon" href="http://www.debian.org/favicon.ico" />
- </head>
- <body>
- <div id="logo">
- <a href="http://www.debian.org/">
- <img src="http://www.debian.org/logos/openlogo-nd-50.png"
- alt="debian logo" /></a>
- <a href="http://www.debian.org/">
- <img src="http://www.debian.org/Pics/debian.png"
- alt="Debian Project" /></a>
- </div>
-
- <div id="titleblock">
- <img src="http://www.debian.org/Pics/red-upperleft.png"
- id="red-upperleft" alt="corner image"/>
- <img src="http://www.debian.org/Pics/red-lowerleft.png"
- id="red-lowerleft" alt="corner image"/>
- <img src="http://www.debian.org/Pics/red-upperright.png"
- id="red-upperright" alt="corner image"/>
- <img src="http://www.debian.org/Pics/red-lowerright.png"
- id="red-lowerright" alt="corner image"/>
- <span class="title">
- Archive Signing Keys
- </span>
- </div>
- <div id="outer">
- <div id="inner">
- <div id="leftcol">
- <ul>
- <li><a href="/index.html">Main FTP Page</a></li>
- </ul>
- </div>
-
- <div id="maincol">
- <div id="intro">
- <p>This page contains information on the current and past archive
- signing keys. The release files are signed by an automatic archive
- signing key in order to allow verification that software being downloaded
- has not been interfered with.</p>
-
- <p>Please note that as this page is not available by a secure
- mechanism (for instance https), you cannot rely on keys or information
- available here for verification purposes. The details here are
- for information only.</p>
-
- <h2>Which release should be signed with which key?</h2>
- <p>Stable releases are signed by both the ftp-master automatic archive signing
- key in use at the time of the release, and a per-release stable key. Release
- files for other releases (proposed-updates, testing, testing-proposed-updates,
- unstable and experimental) are signed only by the ftp-master automatic key.</p>
-
- <p>The security archive is signed by the normal ftp-master key only.</p>
-
- <p>The current procedure is that there is one ftp-master key per
- release (former procedure introduced a new key once per year).</p>
-
- </div>
-
- <div id="archivekey">
- <h1>Archive Keys</h1>
- <h2>Active Signing Keys</h2>
-
- <p>The current (2009/lenny) key can be <a
- href="/keys/archive-key-5.0.asc">downloaded here</a><br/>
- The fingerprint of this key is <tt>150C 8614 919D 8446 E01E 83AF 9AA3 8DCD 55BE 302B</tt>.<br/>
- The announcements regarding this key can be read at
- <a href="http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html">
- http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html
- </a> and <a href="http://www.debian.org/News/2009/20090523">http://www.debian.org/News/2009/20090523</a>.
- </p>
-
- <p>The soon-to-be-retired (2007/etch) key can be <a
- href="/keys/archive-key-4.0.asc">downloaded here</a>.<br/>
- The fingerprint of this key is <tt>A999 51DA F9BB 569B DB50 AD90 A70D AF53 6070 D3A1</tt></p>
-
- <h2>Stable Keys</h2>
- <h3>etch</h3>
- <p>The fingerprint of the etch stable release key is <tt>7EA3 91D7 2477 203B 58C0 4FBC B5D0 C804 ADB1 1277</tt></p>
-
- <h3>lenny</h3>
- <p>The fingerprint of the lenny stable release key is <tt>7F5A 4445 4C72 4A65 CBCD 4FB1 4D27 0D06 F425 84E6</tt></p>
-
- <h2>Retired Signing Keys</h2>
- <p>The following retired and in most cases expired keys are
- available. <b>Note that these keys are no longer in use and are
- listed here for reference purposes only</b>:
- <ul>
- <li><a href="/keys/ziyi_key_2002.asc">/keys/ziyi_key_2002.asc</a></li>
- <li><a href="/keys/ziyi_key_2003.asc">/keys/ziyi_key_2003.asc</a></li>
- <li><a href="/keys/ziyi_key_2003v2.asc">/keys/ziyi_key_2003v2.asc</a></li>
- <li><a href="/keys/ziyi_key_2004.asc">/keys/ziyi_key_2004.asc</a></li>
- <li><a href="/keys/ziyi_key_2005.asc">/keys/ziyi_key_2005.asc</a></li>
- <li><a href="/keys/ziyi_key_2006.asc">/keys/ziyi_key_2006.asc</a></li>
- </ul>
-
- </p>
- </div>
-
- <div id="replacement">
- <h1>Key Replacement Procedure</h1>
-
- <p>When the archive key is to be replaced, a new key will be generated by one of the
- ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and
- members of the ftpteam (including verification by phone call of the fingerprint and
- other details of the key to be signed).</p>
-
- <p>Once the new key is prepared, it will be placed on this page, put into the relevant
- archive packages and announced to debian-devel-announce well in advance of being used.</p>
-
- </div>
-
- <div id="revokation">
- <h1>Key Revocation Procedure</h1>
- <p>A revokation certificate for the archive key is produced at the time of the creation
- of an archive key. The program gfshare (package
- <a href="http://packages.debian.org/lenny/libgfshare-bin">libgfshare-bin</a>)
- (a Shamir's secret sharing scheme implementation) is then used to produce 12 shares of
- which 7 are needed to recover the revokation cert.
- This procedure is for use in emergencies only (such as losing ftp-master.debian.org and
- all of the backups, a hopefully unlikely event) as the key can normally be used to produce
- its own revokation certificate.</p>
- </div>
-
- <div id="keysplit">
- <h1>Key Backup / Restore Procedure</h1>
- <p>After the creation of the archive key, the secret part of it will be backed up in one additional
- way. The program gfshare (package
- <a href="http://packages.debian.org/lenny/libgfshare-bin">libgfshare-bin</a>)
- (a Shamir's secret sharing scheme implementation) is used to produce 14 shares of which 9 are needed
- to recover the secret key.</p>
- </div>
-
- <div id="ssss">
- <h1>SSSS holders</h1>
- <p>The following people each hold one of the shares of the revocation certificate / private key.</p>
- <h2>Revocation shares</h2>
- <p>7 of those shares are needed to reproduce the revocation certificate</p>
- <table>
- <tr><th>Debian uid</th><th>Name</th></tr>
- <tr><td>sho</td><td>Samuel Hocevar</td></tr>
- <tr><td>don</td><td>Don Armstrong</td></tr>
- <tr><td>neilm</td><td>Neil McGovern</td></tr>
- <tr><td>djpig</td><td>Frank Lichtenheld</td></tr>
- <tr><td>jimmy</td><td>Jimmy Kaplowitz</td></tr>
- <tr><td>killer</td><td>Kalle Kivimaa</td></tr>
- <tr><td>noodles</td><td>Jonathan McDowell</td></tr>
- <tr><td>rra</td><td>Russ Allbery</td></tr>
- <tr><td>marga</td><td>Margarita Manterola</td></tr>
- <tr><td>thijs</td><td>Thijs Kinkhorst</td></tr>
- <tr><td>meike</td><td>Meike Reichle</td></tr>
- <tr><td>miriam</td><td>Miriam Ruiz</td></tr>
- </table>
-
- <h2>Key shares</h2>
- <p>9 of those shares are needed to reproduce the secret key</p>
- <table>
- <tr><th>Debian uid</th><th>Name</th></tr>
- <tr><td>luk</td><td>Luk Claes</td></tr>
- <tr><td>maxx</td><td>Martin Wuertele</td></tr>
- <tr><td>adeodato</td><td>Adeodato Simó</td></tr>
- <tr><td>myon</td><td>Christoph Berg</td></tr>
- <tr><td>93sam</td><td>Steve McIntyre</td></tr>
- <tr><td>bdale</td><td>Bdale Garbee</td></tr>
- <tr><td>sgran</td><td>Stephen Gran</td></tr>
- <tr><td>dannf</td><td>Dann Frazier</td></tr>
- <tr><td>weasel</td><td>Peter Palfrader</td></tr>
- <tr><td>enrico</td><td>Enrico Zini</td></tr>
- <tr><td>wouter</td><td>Wouter Verhelst</td></tr>
- <tr><td>mhy</td><td>Mark Hymers</td></tr>
- <tr><td>bzed</td><td>Bernd Zeimetz</td></tr>
- <tr><td>stew</td><td>Mike O'Connor</td></tr>
- </table>
- </div>
- <hr />
- <address><a href="mailto:ftpmaster@ftp-master.debian.org">Debian FTP team</a></address>
-
- </body>
-</html>
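Review bot: Nothing in this patch shows where the content of the removed "Archive Keys", "Key Revocation Procedure", "Key Backup / Restore Procedure" and "SSSS holders" sections goes once the file is deleted. Those sections hold the lenny and etch key fingerprints, the gfshare thresholds (7 of 12 shares for the revocation certificate, 9 of 14 for the secret key) and both share-holder tables. Please state the new location in the commit message, or add the replacement page in the same change, so that the fingerprints and the recovery quorum remain documented. The removed intro itself says the page "is not available by a secure mechanism (for instance https)", so if the content is being moved, the new location should be one that is served over a secure channel. Also check that nothing else still links to this page, to its `revokation` anchor, or to the `/keys/archive-key-5.0.asc`, `/keys/archive-key-4.0.asc` and `/keys/ziyi_key_*.asc` files it references.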