+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
+ <head>
+ <meta http-equiv="content-type" content="text/xhtml+xml; charset=utf-8"
+ />
+ <title>ftp-master.debian.org Archive Signing Keys</title>
+ <link type="text/css" rel="stylesheet" href="removals-style.css" />
+ <link rel="shortcut icon" href="http://www.debian.org/favicon.ico" />
+ </head>
+ <body>
+ <div id="logo">
+ <a href="http://www.debian.org/">
+ <img src="http://www.debian.org/logos/openlogo-nd-50.png"
+ alt="debian logo" /></a>
+ <a href="http://www.debian.org/">
+ <img src="http://www.debian.org/Pics/debian.png"
+ alt="Debian Project" /></a>
+ </div>
+
+ <div id="titleblock">
+ <img src="http://www.debian.org/Pics/red-upperleft.png"
+ id="red-upperleft" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-lowerleft.png"
+ id="red-lowerleft" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-upperright.png"
+ id="red-upperright" alt="corner image"/>
+ <img src="http://www.debian.org/Pics/red-lowerright.png"
+ id="red-lowerright" alt="corner image"/>
+ <span class="title">
+ Archive Signing Keys
+ </span>
+ </div>
+ <div id="outer">
+ <div id="inner">
+ <div id="leftcol">
+ <ul>
+ <li><a href="/index.html">Main FTP Page</a></li>
+ </ul>
+ </div>
+
+ <div id="maincol">
+ <div id="intro">
+ <p>This page contains information on the current and past archive
+ signing keys. The release files are signed by an automatic archive
+ signing key in order to allow verification that software being downloaded
+ has not been interfered with.</p>
+
+ <p>Please note that as this page is not available by a secure
+ mechanism (for instance https), you cannot rely on keys or information
+ available here for verification purposes. The details here are
+ for information only.</p>
+
+ <h2>Which release should be signed with which key?</h2>
+ <p>Stable releases are signed by both the ftp-master automatic archive signing
+ key in use at the time of the release, and a per-release stable key. Release
+ files for other releases (proposed-updates, testing, testing-proposed-updates,
+ unstable and experimental) are signed only by the ftp-master automatic key.</p>
+
+ <p>The security archive is signed by the normal ftp-master key only.</p>
+
+ <p>The current procedure is that there is one ftp-master key per
+ release (former procedure introduced a new key once per year).</p>
+
+ </div>
+
+ <div id="archivekey">
+ <h1>Archive Keys</h1>
+ <h2>Active Signing Keys</h2>
+
+ <p>The current (2007/etch) key can be <a
+ href="/keys/archive-key-4.0.asc">downloaded here</a></p>
+
+ <h2>Upcoming Signing Keys</h2>
+ <p> The new key, which will be used after the 4.0 key expires <b>or</b>
+ after Lenny r1 is released, can be <a
+ href="/keys/archive-key-5.0.asc">downloaded here</a>. (The debian-devel announcement
+ regarding this key can be read at
+ <a href="http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html">
+ http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html</a>)</p>
+
+ <h2>Stable Keys</h2>
+ <h3>etch</h3>
+ <p>Details of the etch key from the release team</p>
+
+ <h3>lenny</h3>
+ <p>Details of the lenny key from the release team</p>
+
+ <h2>Retired Signing Keys</h2>
+ <p>The following retired and in most cases expired keys are
+ available. <b>Note that these keys are no longer in use and are
+ listed here for reference purposes only</b>:
+ <ul>
+ <li><a href="/keys/ziyi_key_2002.asc">/keys/ziyi_key_2002.asc</a></li>
+ <li><a href="/keys/ziyi_key_2003.asc">/keys/ziyi_key_2003.asc</a></li>
+ <li><a href="/keys/ziyi_key_2003v2.asc">/keys/ziyi_key_2003v2.asc</a></li>
+ <li><a href="/keys/ziyi_key_2004.asc">/keys/ziyi_key_2004.asc</a></li>
+ <li><a href="/keys/ziyi_key_2005.asc">/keys/ziyi_key_2005.asc</a></li>
+ <li><a href="/keys/ziyi_key_2006.asc">/keys/ziyi_key_2006.asc</a></li>
+ </ul>
+
+ </p>
+ </div>
+
+ <div id="replacement">
+ <h1>Key Replacement Procedure</h1>
+
+ <p>When the archive key is to be replaced, a new key will be generated by one of the
+ ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and
+ members of the ftpteam (including verification by phone call of the fingerprint and
+ other details of the key to be signed).</p>
+
+ <p>Once the new key is prepared, it will be placed on this page, put into the relevant
+ archive packages and announced to debian-devel-announce well in advance of being used.</p>
+
+ </div>
+
+ <div id="revokation">
+ <h1>Key Revokation Procedure</h1>
+ <p>A revokation certificate for the archive key is produced at the time of the creation
+ of an archive key. The program ssss (a Shamir's secret sharing scheme implementation)
+ is then used to produce 20 shares of which 10 are needed to recover the revokation cert.
+ This procedure is for use in emergencies only (such as losing ftp-master.debian.org and
+ all of the backups, a hopefully unlikely event) as the key can normally be used to produce
+ its own revokation certificate.</p>
+ </div>
+
+ </div>
+ <hr />
+ <address><a href="mailto:ftpmaster@ftp-master.debian.org">Debian FTP team</a></address>
+
+ </body>
+</html>