X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=web%2Fkeys.html;h=55036e9d13cd42810507bb594429920bb7324964;hb=b612f3da207fa0d75a5d3b204ac8f02bb244231a;hp=2fbb8ecede48a48b97dd1ede7b8901f22533ff7d;hpb=a387558a9634102f7b5624f397c48609748c48c7;p=dak.git

diff --git a/web/keys.html b/web/keys.html
index 2fbb8ece..55036e9d 100644
--- a/web/keys.html
+++ b/web/keys.html
@@ -67,23 +67,25 @@
             <h1>Archive Keys</h1>
             <h2>Active Signing Keys</h2>
 
-            <p>The current (2007/etch) key can be <a
-            href="/keys/archive-key-4.0.asc">downloaded here</a></p>
-
-            <h2>Upcoming Signing Keys</h2>
-            <p> The new key, which will be used after the 4.0 key expires <b>or</b>
-            after Lenny r1 is released, can be <a
-            href="/keys/archive-key-5.0.asc">downloaded here</a>.  (The debian-devel announcement
-            regarding this key can be read at
+		  <p>The current (2009/lenny) key can be <a
+            href="/keys/archive-key-5.0.asc">downloaded here</a><br/>
+		  The fingerprint of this key is <tt>150C 8614 919D 8446 E01E  83AF 9AA3 8DCD 55BE 302B</tt>.<br/>
+		  The announcements regarding this key can be read at
             <a href="http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html">
-            http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html</a>)</p>
+		  http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html
+		  </a> and <a href="http://www.debian.org/News/2009/20090523">http://www.debian.org/News/2009/20090523</a>.
+		  </p>
+
+		  <p>The soon-to-be-retired (2007/etch) key can be <a
+            href="/keys/archive-key-4.0.asc">downloaded here</a>.<br/>
+		  The fingerprint of this key is <tt>A999 51DA F9BB 569B DB50  AD90 A70D AF53 6070 D3A1</tt></p>
 
             <h2>Stable Keys</h2>
             <h3>etch</h3>
-            <p>Details of the etch key from the release team</p>
+            <p>The fingerprint of the etch stable release key is <tt>7EA3 91D7 2477 203B 58C0  4FBC B5D0 C804 ADB1 1277</tt></p>
 
             <h3>lenny</h3>
-            <p>Details of the lenny key from the release team</p>
+            <p>The fingerprint of the lenny stable release key is <tt>7F5A 4445 4C72 4A65 CBCD  4FB1 4D27 0D06 F425 84E6</tt></p>
 
             <h2>Retired Signing Keys</h2>
             <p>The following retired and in most cases expired keys are
@@ -115,16 +117,67 @@
         </div>
 
         <div id="revokation">
-            <h1>Key Revokation Procedure</h1>
+            <h1>Key Revocation Procedure</h1>
             <p>A revokation certificate for the archive key is produced at the time of the creation
-            of an archive key.  The program ssss (a Shamir's secret sharing scheme implementation)
-            is then used to produce 20 shares of which 10 are needed to recover the revokation cert.
+            of an archive key.  The program gfshare (package
+		  <a href="http://packages.debian.org/lenny/libgfshare-bin">libgfshare-bin</a>)
+		    (a Shamir's secret sharing scheme implementation) is then used to produce 12 shares of
+		    which 7 are needed to recover the revokation cert.
             This procedure is for use in emergencies only (such as losing ftp-master.debian.org and
             all of the backups, a hopefully unlikely event) as the key can normally be used to produce
             its own revokation certificate.</p>
         </div>
 
+		<div id="keysplit">
+		  <h1>Key Backup / Restore Procedure</h1>
+		  <p>After the creation of the archive key, the secret part of it will be backed up in one additional
+		  way. The program  gfshare (package
+		  <a href="http://packages.debian.org/lenny/libgfshare-bin">libgfshare-bin</a>)
+		  (a Shamir's secret sharing scheme implementation) is used to produce 14 shares of which 9 are needed
+		  to recover the secret key.</p>
         </div>
+
+		<div id="ssss">
+		  <h1>SSSS holders</h1>
+		  <p>The following people each hold one of the shares of the revocation certificate / private key.</p>
+		  <h2>Revocation shares</h2>
+		  <p>7 of those shares are needed to reproduce the revocation certificate</p>
+		  <table>
+			<tr><th>Debian uid</th><th>Name</th></tr>
+			<tr><td>sho</td><td>Samuel Hocevar</td></tr>
+			<tr><td>don</td><td>Don Armstrong</td></tr>
+			<tr><td>neilm</td><td>Neil McGovern</td></tr>
+			<tr><td>djpig</td><td>Frank Lichtenheld</td></tr>
+			<tr><td>jimmy</td><td>Jimmy Kaplowitz</td></tr>
+			<tr><td>killer</td><td>Kalle Kivimaa</td></tr>
+			<tr><td>noodles</td><td>Jonathan McDowell</td></tr>
+			<tr><td>rra</td><td>Russ Allbery</td></tr>
+			<tr><td>marga</td><td>Margarita Manterola</td></tr>
+			<tr><td>thijs</td><td>Thijs Kinkhorst</td></tr>
+			<tr><td>meike</td><td>Meike Reichle</td></tr>
+			<tr><td>miriam</td><td>Miriam Ruiz</td></tr>
+		  </table>
+
+		  <h2>Key shares</h2>
+		  <p>9 of those shares are needed to reproduce the secret key</p>
+		  <table>
+			<tr><th>Debian uid</th><th>Name</th></tr>
+			<tr><td>luk</td><td>Luk Claes</td></tr>
+			<tr><td>maxx</td><td>Martin Wuertele</td></tr>
+			<tr><td>adeodato</td><td>Adeodato Simó</td></tr>
+			<tr><td>myon</td><td>Christoph Berg</td></tr>
+			<tr><td>93sam</td><td>Steve McIntyre</td></tr>
+			<tr><td>bdale</td><td>Bdale Garbee</td></tr>
+			<tr><td>sgran</td><td>Stephen Gran</td></tr>
+			<tr><td>dannf</td><td>Dann Frazier</td></tr>
+			<tr><td>weasel</td><td>Peter Palfrader</td></tr>
+			<tr><td>enrico</td><td>Enrico Zini</td></tr>
+			<tr><td>wouter</td><td>Wouter Verhelst</td></tr>
+			<tr><td>mhy</td><td>Mark Hymers</td></tr>
+			<tr><td>bzed</td><td>Bernd Zeimetz</td></tr>
+			<tr><td>stew</td><td>Mike O'Connor</td></tr>
+		</table>
+		</div>
     <hr />
     <address><a href="mailto:ftpmaster@ftp-master.debian.org">Debian FTP team</a></address>