From 4c5ae2c43000a73987c818f7abc5368a797bfeb0 Mon Sep 17 00:00:00 2001 From: Mark Hymers Date: Tue, 27 Jan 2009 21:32:22 +0000 Subject: [PATCH] tidy up keys Signed-off-by: Mark Hymers --- web/archive-key-4.0.asc | 19 +---- web/archive-key-5.0.asc | 35 +------- web/index.html | 12 +-- web/keys.html | 132 +++++++++++++++++++++++++++++ web/keys/archive-key-4.0.asc | 18 ++++ web/keys/archive-key-5.0.asc | 34 ++++++++ web/{ => keys}/ziyi_key.asc | 0 web/{ => keys}/ziyi_key2.asc | 0 web/{ => keys}/ziyi_key_2002.asc | 0 web/{ => keys}/ziyi_key_2003.asc | 0 web/{ => keys}/ziyi_key_2003v2.asc | 0 web/{ => keys}/ziyi_key_2004.asc | 0 web/{ => keys}/ziyi_key_2005.asc | 0 web/{ => keys}/ziyi_key_2006.asc | 0 web/{ => keys}/ziyi_key_revoke.asc | 0 15 files changed, 190 insertions(+), 60 deletions(-) mode change 100644 => 120000 web/archive-key-4.0.asc mode change 100644 => 120000 web/archive-key-5.0.asc create mode 100644 web/keys.html create mode 100644 web/keys/archive-key-4.0.asc create mode 100644 web/keys/archive-key-5.0.asc rename web/{ => keys}/ziyi_key.asc (100%) rename web/{ => keys}/ziyi_key2.asc (100%) rename web/{ => keys}/ziyi_key_2002.asc (100%) rename web/{ => keys}/ziyi_key_2003.asc (100%) rename web/{ => keys}/ziyi_key_2003v2.asc (100%) rename web/{ => keys}/ziyi_key_2004.asc (100%) rename web/{ => keys}/ziyi_key_2005.asc (100%) rename web/{ => keys}/ziyi_key_2006.asc (100%) rename web/{ => keys}/ziyi_key_revoke.asc (100%) diff --git a/web/archive-key-4.0.asc b/web/archive-key-4.0.asc deleted file mode 100644 index c2425d5e..00000000 --- a/web/archive-key-4.0.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGiBEVhrscRBAD4M5+qxhZUD67PIz0JeoJ0vB0hsLE6QPV144PLjLZOzHbl4H3N -hJynyQLwsxmLv+FvCeaKNjZJQxmpIUbolBc5gDvltY9md0VjAIA4BEArR0qSQQ39 -/pq6gQDXMEfwJTnzqY+ZXoQo9p6UIJvjp221QbLcTBW0LTJAOJu77UYj6wCgyMWJ -XvRz3WFNrOA4q1U87lc6/IED/AivTlX6QQ38BXhZf6UMCfEXSNQuEJbh2PC3YRPj -V9EyUWlX92cebCThQ/U6lpUdrpDTTIUbDIk4QfvV16QhTBihcFrS7UvikTN94SNF -9uQbTShOLvtR0gvgGlvzcedYIfdYeaQhyTW/kAspQYiYbsJiVxYbNl+FfFVekX/y -nEotA/4/0Q1BPGPHTYWBoQV4bqKr7PiAxgoei0n/bEfc6iCh9P/Sv393iJlDI8V5 -pMwGjx+vCH9uOW07lJQhkkXslBlim4O3lU6dXWwUWh9rPTk2Fzx7PeXzFU7mOTEj -1wx71p1c81AuaI2KrshSyjWs7FI4TR/judMSbu4N6kfT/O+tFbRGRGViaWFuIEFy -Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICg0LjAvZXRjaCkgPGZ0cG1hc3Rl -ckBkZWJpYW4ub3JnPohnBBMRAgAnBQJFYa7HAhsDBQkE6bcABwsJCAcDAgEEFQII -AwQWAgMBAh4BAheAAAoJEKcNr1NgcNOhLz8An1TEmmq7fltTpQ+Y1oWhnE8WhVeQ -AKCzh3MBoNd4AIGHcVDzv0N0k+bKZYhGBBARAgAGBQJFYa8JAAoJEDsXvHQqTj6q -t1QAoITcbL6UHZs57xqk0WwKQMjBDezLAJoCGg4Ax2g8Qp90NxhwmDhHrIXH9A== -=CGAD ------END PGP PUBLIC KEY BLOCK----- diff --git a/web/archive-key-4.0.asc b/web/archive-key-4.0.asc new file mode 120000 index 00000000..be7fe02f --- /dev/null +++ b/web/archive-key-4.0.asc @@ -0,0 +1 @@ +keys/archive-key-4.0.asc \ No newline at end of file diff --git a/web/archive-key-5.0.asc b/web/archive-key-5.0.asc deleted file mode 100644 index 024a25c8..00000000 --- a/web/archive-key-5.0.asc +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.6 (GNU/Linux) - -mQINBEl/YegBEADfwjpRajuMAhtR+YDLkb5qjFeGk021hRu6zNULxLaZUKKle6nu -8CKnjhmVwUBlzje1vmVCi5d5tZfIFFxe6r5gtfnNnxDn3KM85o6gWh1mtHDecxrn -Lu5D/7xFGBD+C0sasBuxQItwBsgUk6xYGGm2Yn2PW2ig0Zik0QJXEkFF7F1gm+Ww -POMxH85uwH8Rf9F/UanCoMtZn3mm+9JqFLu0yVCTa1naJs1jWb9ivRdQuOI8foFC -dqhQhqj2qws5zxfIZQ+fjkycTCok4kLMcJzWvHfabMmNiiHif8JgQ2me1sc+UMQO -wOOQ97EBE8wCaQ8ahPJ2pnCD3VyrcKIf8k2LVezm7lL5z6tf4CtvTGL+tNA/jVez -SNdqWAATs3+ZmXbTRPtfikn077pGNwWnlA6VjnfaVm1OpIix4cyIkE5CoTQ/Ou/i -R7V4V51JUGY/8d1/rIwHKFEOoblbS46qWGsx1lHyEPqfioACd2TnfqywDZ+NALEr -ceT88cR1dubrvHcMZ5AOeHbyM75kEtXaTPjxTCaGg3dKN2RMVKLg4Qz+g9F1WeCu -xY9RQu/0iCGZUCwXnfS05XiavPB728LN//2yuh8glY7NFB9PRd+mH/V9Ib5FctQF -ccMDMjozhzuveuXdFB31HNcJYZ6gguikTDtj5cYH21G+KPTYfNtHDiMTQwARAQAB -tEdEZWJpYW4gQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDUuMC9sZW5u -eSkgPGZ0cG1hc3RlckBkZWJpYW4ub3JnPokCPAQTAQIAJgUCSX9h6AIbAwUJB2KH -AAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJqjjc1VvjArY0YQAIuE1hR30nLm -gi5jTFhkwIY4hp5LqpwUZyVaCbb2CEqtAHN/ocFaru6wiIeuBSdgBcp4VvIqkSQe -R0ZoGyGKg5OQqcS1H4aD29KyRJfWr9FRy0d8EXnz4Zpl6ourQ46veB1esgIjSf+r -fqYaspuXiJgK1VXhhnHt5Vt3L5ZKZxd8kEeFzCXZ4xifIXXuDEu3+6QS4Kd4koaA -la87pLHAqGXTNX/6z1avWcIMK2Vlqks3L8/1JjxSteTk6oqirdaKwPerPxBJD/P0 -oYFP6IPn66MgyR8zXb3iNEPIsxprLTNA9ZX5G7X+9RbjodNpCqNn97pb/SUMlGXW -Fu7NxhRF3J8MuiVTMnuO9Ugl9OtNoEp1gQQbkSinOVA53RJd8yi0ykPTnLHbhYHx -Vws9ImrBIA/5QCbjqgnQU/VihFNf9lUZbYwScfoPY6aNn5lkjxzlUgtGU3FPARQr -MgEQrHRB5QRPeUvxNj9zlfkY6tj/lENcqT6BBUQs2cLKsoMbziRMD/0vCKqU6zar -cU5T/jT0cGuvqDPDsH/KdBEDI8PPw3jGlqgNc4g0GG7Ejzey9QfbeHCThmcZA8WH -qmjZ4obE07Xs1KNzqcMsfkagoyt9PGhu7cx4fMQOeps9+YOgapJqiL/xCpFGpHKK -kYwxyXj+DUenM7pIa8VvdC+PskfnVIaAiEYEEBECAAYFAkl/YsYACgkQcV7WoH57 -ismMXwCcD5p3sw3ONeV/TtFY/kEsygboYSgAnjVKUc2tCWQQ4C7tBqx65ceSyiZw -iEYEEBECAAYFAkl/aEIACgkQNIW6CNDsByMDkQCgtZdra037xHicYW5OOzephXSu -FRsAn3qS87naNPDSNmU2IRfxEoPgPUzViEYEEBECAAYFAkl/aJoACgkQ9Cbhsr6b -+NrbfgCglGQZTJesdn4Zqn/G3EZC3jiR3s8An3q1dHmn0cvjbsZgiYx2vFPQkdVb -=dCmY ------END PGP PUBLIC KEY BLOCK----- diff --git a/web/archive-key-5.0.asc b/web/archive-key-5.0.asc new file mode 120000 index 00000000..6b31b929 --- /dev/null +++ b/web/archive-key-5.0.asc @@ -0,0 +1 @@ +keys/archive-key-5.0.asc \ No newline at end of file diff --git a/web/index.html b/web/index.html index db540dcb..7e3ca97c 100644 --- a/web/index.html +++ b/web/index.html @@ -35,7 +35,7 @@

The ftpmaster team

diff --git a/web/keys.html b/web/keys.html new file mode 100644 index 00000000..46dab92f --- /dev/null +++ b/web/keys.html @@ -0,0 +1,132 @@ + + + + + ftp-master.debian.org Archive Signing Keys + + + + + + +
+ corner image + corner image + corner image + corner image + + Archive Signing Keys + +
+
+
+
+ +
+ +
+
+

This page contains information on the current and past archive + signing keys. The release files are signed by an automatic archive + signing key in order to allow verification that software being downloaded + has not been interfered with.

+ +

Please note that as this page is not available by a secure + mechanism (for instance https), you cannot rely on keys or information + available here for verification purposes. The details here are + for information only.

+ +

Which release should be signed with which key?

+

Stable releases are signed by both the ftp-master automatic archive signing + key in use at the time of the release, and a per-release stable key. Release + files for other releases (proposed-updates, testing, testing-proposed-updates, + unstable and experimental) are signed only by the ftp-master automatic key.

+ +

The security archive is signed by the normal ftp-master key only.

+ +

The current procedure is that there is one ftp-master key per + release (former procedure introduced a new key once per year).

+ +
+ +
+

Archive Keys

+

Active Signing Keys

+ +

The current (2007/etch) key can be downloaded here

+ +

Upcoming Signing Keys

+

The new key, which will be used after the 4.0 key expires or + after Lenny r1 is released, can be downloaded here. (The debian-devel announcement + regarding this key can be read at + + http://lists.debian.org/debian-devel-announce/2009/01/msg00008.html)

+ +

Stable Keys

+

etch

+

Details of the etch key from the release team

+ +

lenny

+

Details of the lenny key from the release team

+ +

Retired Signing Keys

+

The following retired and in most cases expired keys are + available. Note that these keys are no longer in use and are + listed here for reference purposes only: +

+ +

+
+ +
+

Key Replacement Procedure

+ +

When the archive key is to be replaced, a new key will be generated by one of the + ftpmasters. This key will then be signed by that ftpmaster and other ftpmasters and + members of the ftpteam (including verification by phone call of the fingerprint and + other details of the key to be signed).

+ +

Once the new key is prepared, it will be placed on this page, put into the relevant + archive packages and announced to debian-devel-announce well in advance of being used.

+ +
+ +
+

Key Revokation Procedure

+

A revokation certificate for the archive key is produced at the time of the creation + of an archive key. The program ssss (a Shamir's secret sharing scheme implementation) + is then used to produce 20 shares of which 10 are needed to recover the revokation cert. + This procedure is for use in emergencies only (such as losing ftp-master.debian.org and + all of the backups, a hopefully unlikely event) as the key can normally be used to produce + its own revokation certificate.

+
+ +
+
+
Debian FTP team
+ + + diff --git a/web/keys/archive-key-4.0.asc b/web/keys/archive-key-4.0.asc new file mode 100644 index 00000000..c2425d5e --- /dev/null +++ b/web/keys/archive-key-4.0.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEVhrscRBAD4M5+qxhZUD67PIz0JeoJ0vB0hsLE6QPV144PLjLZOzHbl4H3N +hJynyQLwsxmLv+FvCeaKNjZJQxmpIUbolBc5gDvltY9md0VjAIA4BEArR0qSQQ39 +/pq6gQDXMEfwJTnzqY+ZXoQo9p6UIJvjp221QbLcTBW0LTJAOJu77UYj6wCgyMWJ +XvRz3WFNrOA4q1U87lc6/IED/AivTlX6QQ38BXhZf6UMCfEXSNQuEJbh2PC3YRPj +V9EyUWlX92cebCThQ/U6lpUdrpDTTIUbDIk4QfvV16QhTBihcFrS7UvikTN94SNF +9uQbTShOLvtR0gvgGlvzcedYIfdYeaQhyTW/kAspQYiYbsJiVxYbNl+FfFVekX/y +nEotA/4/0Q1BPGPHTYWBoQV4bqKr7PiAxgoei0n/bEfc6iCh9P/Sv393iJlDI8V5 +pMwGjx+vCH9uOW07lJQhkkXslBlim4O3lU6dXWwUWh9rPTk2Fzx7PeXzFU7mOTEj +1wx71p1c81AuaI2KrshSyjWs7FI4TR/judMSbu4N6kfT/O+tFbRGRGViaWFuIEFy +Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICg0LjAvZXRjaCkgPGZ0cG1hc3Rl +ckBkZWJpYW4ub3JnPohnBBMRAgAnBQJFYa7HAhsDBQkE6bcABwsJCAcDAgEEFQII +AwQWAgMBAh4BAheAAAoJEKcNr1NgcNOhLz8An1TEmmq7fltTpQ+Y1oWhnE8WhVeQ +AKCzh3MBoNd4AIGHcVDzv0N0k+bKZYhGBBARAgAGBQJFYa8JAAoJEDsXvHQqTj6q +t1QAoITcbL6UHZs57xqk0WwKQMjBDezLAJoCGg4Ax2g8Qp90NxhwmDhHrIXH9A== +=CGAD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/web/keys/archive-key-5.0.asc b/web/keys/archive-key-5.0.asc new file mode 100644 index 00000000..024a25c8 --- /dev/null +++ b/web/keys/archive-key-5.0.asc @@ -0,0 +1,34 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.6 (GNU/Linux) + +mQINBEl/YegBEADfwjpRajuMAhtR+YDLkb5qjFeGk021hRu6zNULxLaZUKKle6nu +8CKnjhmVwUBlzje1vmVCi5d5tZfIFFxe6r5gtfnNnxDn3KM85o6gWh1mtHDecxrn +Lu5D/7xFGBD+C0sasBuxQItwBsgUk6xYGGm2Yn2PW2ig0Zik0QJXEkFF7F1gm+Ww +POMxH85uwH8Rf9F/UanCoMtZn3mm+9JqFLu0yVCTa1naJs1jWb9ivRdQuOI8foFC +dqhQhqj2qws5zxfIZQ+fjkycTCok4kLMcJzWvHfabMmNiiHif8JgQ2me1sc+UMQO +wOOQ97EBE8wCaQ8ahPJ2pnCD3VyrcKIf8k2LVezm7lL5z6tf4CtvTGL+tNA/jVez +SNdqWAATs3+ZmXbTRPtfikn077pGNwWnlA6VjnfaVm1OpIix4cyIkE5CoTQ/Ou/i +R7V4V51JUGY/8d1/rIwHKFEOoblbS46qWGsx1lHyEPqfioACd2TnfqywDZ+NALEr +ceT88cR1dubrvHcMZ5AOeHbyM75kEtXaTPjxTCaGg3dKN2RMVKLg4Qz+g9F1WeCu +xY9RQu/0iCGZUCwXnfS05XiavPB728LN//2yuh8glY7NFB9PRd+mH/V9Ib5FctQF +ccMDMjozhzuveuXdFB31HNcJYZ6gguikTDtj5cYH21G+KPTYfNtHDiMTQwARAQAB +tEdEZWJpYW4gQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDUuMC9sZW5u +eSkgPGZ0cG1hc3RlckBkZWJpYW4ub3JnPokCPAQTAQIAJgUCSX9h6AIbAwUJB2KH +AAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEJqjjc1VvjArY0YQAIuE1hR30nLm +gi5jTFhkwIY4hp5LqpwUZyVaCbb2CEqtAHN/ocFaru6wiIeuBSdgBcp4VvIqkSQe +R0ZoGyGKg5OQqcS1H4aD29KyRJfWr9FRy0d8EXnz4Zpl6ourQ46veB1esgIjSf+r +fqYaspuXiJgK1VXhhnHt5Vt3L5ZKZxd8kEeFzCXZ4xifIXXuDEu3+6QS4Kd4koaA +la87pLHAqGXTNX/6z1avWcIMK2Vlqks3L8/1JjxSteTk6oqirdaKwPerPxBJD/P0 +oYFP6IPn66MgyR8zXb3iNEPIsxprLTNA9ZX5G7X+9RbjodNpCqNn97pb/SUMlGXW +Fu7NxhRF3J8MuiVTMnuO9Ugl9OtNoEp1gQQbkSinOVA53RJd8yi0ykPTnLHbhYHx +Vws9ImrBIA/5QCbjqgnQU/VihFNf9lUZbYwScfoPY6aNn5lkjxzlUgtGU3FPARQr +MgEQrHRB5QRPeUvxNj9zlfkY6tj/lENcqT6BBUQs2cLKsoMbziRMD/0vCKqU6zar +cU5T/jT0cGuvqDPDsH/KdBEDI8PPw3jGlqgNc4g0GG7Ejzey9QfbeHCThmcZA8WH +qmjZ4obE07Xs1KNzqcMsfkagoyt9PGhu7cx4fMQOeps9+YOgapJqiL/xCpFGpHKK +kYwxyXj+DUenM7pIa8VvdC+PskfnVIaAiEYEEBECAAYFAkl/YsYACgkQcV7WoH57 +ismMXwCcD5p3sw3ONeV/TtFY/kEsygboYSgAnjVKUc2tCWQQ4C7tBqx65ceSyiZw +iEYEEBECAAYFAkl/aEIACgkQNIW6CNDsByMDkQCgtZdra037xHicYW5OOzephXSu +FRsAn3qS87naNPDSNmU2IRfxEoPgPUzViEYEEBECAAYFAkl/aJoACgkQ9Cbhsr6b ++NrbfgCglGQZTJesdn4Zqn/G3EZC3jiR3s8An3q1dHmn0cvjbsZgiYx2vFPQkdVb +=dCmY +-----END PGP PUBLIC KEY BLOCK----- diff --git a/web/ziyi_key.asc b/web/keys/ziyi_key.asc similarity index 100% rename from web/ziyi_key.asc rename to web/keys/ziyi_key.asc diff --git a/web/ziyi_key2.asc b/web/keys/ziyi_key2.asc similarity index 100% rename from web/ziyi_key2.asc rename to web/keys/ziyi_key2.asc diff --git a/web/ziyi_key_2002.asc b/web/keys/ziyi_key_2002.asc similarity index 100% rename from web/ziyi_key_2002.asc rename to web/keys/ziyi_key_2002.asc diff --git a/web/ziyi_key_2003.asc b/web/keys/ziyi_key_2003.asc similarity index 100% rename from web/ziyi_key_2003.asc rename to web/keys/ziyi_key_2003.asc diff --git a/web/ziyi_key_2003v2.asc b/web/keys/ziyi_key_2003v2.asc similarity index 100% rename from web/ziyi_key_2003v2.asc rename to web/keys/ziyi_key_2003v2.asc diff --git a/web/ziyi_key_2004.asc b/web/keys/ziyi_key_2004.asc similarity index 100% rename from web/ziyi_key_2004.asc rename to web/keys/ziyi_key_2004.asc diff --git a/web/ziyi_key_2005.asc b/web/keys/ziyi_key_2005.asc similarity index 100% rename from web/ziyi_key_2005.asc rename to web/keys/ziyi_key_2005.asc diff --git a/web/ziyi_key_2006.asc b/web/keys/ziyi_key_2006.asc similarity index 100% rename from web/ziyi_key_2006.asc rename to web/keys/ziyi_key_2006.asc diff --git a/web/ziyi_key_revoke.asc b/web/keys/ziyi_key_revoke.asc similarity index 100% rename from web/ziyi_key_revoke.asc rename to web/keys/ziyi_key_revoke.asc -- 2.39.5