In association with heise online

10 February 2011, 16:20

New signing key at Debian

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Debian Logo With immediate effect, the Debian Project is to use a new key to sign packages. The package manager uses the signature to ensure that only original, unmodified packages are installed. If the package manager does not recognise a signature, it will explicitly ask the user whether he or she wants to install it anyway.

The key change affects development branches Sid (unstable) and Wheezy (testing, forthcoming stable release), all security updates and all back ports. For version 6.0, aka Squeeze (stable), released just a few days ago, and version 5.0, aka Lenny (oldstable), the key will be changed as part of the next minor update. Because both distributions already recognise the new key, no problems or warnings are expected in the interim.

The Debian Project rotates its signing key every three years. The change was announced back in August 2010. The previous key remains valid until the end of 2012.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit