diff options
author | Lars Wirzenius <liw@liw.fi> | 2017-01-01 13:03:51 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-01-01 13:03:51 +0200 |
commit | 8716270cd2b1e9c2499e2a23bae373a2d5ebc884 (patch) | |
tree | ce60edac450c9193ff3d7e4d576e065d8a1d44ac | |
download | code.liw.fi-keyring-8716270cd2b1e9c2499e2a23bae373a2d5ebc884.tar.gz |
Add README
-rw-r--r-- | README | 29 |
1 files changed, 29 insertions, 0 deletions
@@ -0,0 +1,29 @@ +README for code.liw.fi-keyring +======================================================================== + +I publish my various free software projects on a site called +code.liw.fi. Part of that is an APT repository for .deb packages. That +repository is digitally signed using OpenPGP. Thie package contains +the public key necessary to check the signature. By installing this +package, APT know of the key and use to check. + +When it's time to rotate the signing key, I will first generate a new +key, and add it to this package. Then I wait for some time to allow +everyone who uses code.liw.fi to upgrade, perhaps a month or two. I +will then start using the new signing key, and drop the old key from +the package. This way, as long as everyone upgrades to the new version +of this package sufficiently frequently (more than once month), nobody +else needs to do any work to deal with a new key. + +(Debian itself uses a similar setup.) + +Legalse +------------------------------------------------------------------------ + +There is no copyright on this package. It's way too simple to be +copyrighted. Also, most of the data is the public key, which is +generated from random numbers. Also not copyrightable. If you want to +make your own package based on this, go right ahead. You'll need to +use your own key, of course. + +You can't have my private key, sorry. |