From 8716270cd2b1e9c2499e2a23bae373a2d5ebc884 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 1 Jan 2017 13:03:51 +0200
Subject: Add README

---
 README | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 README

diff --git a/README b/README
new file mode 100644
index 0000000..d224d95
--- /dev/null
+++ b/README
@@ -0,0 +1,29 @@
+README for code.liw.fi-keyring
+========================================================================
+
+I publish my various free software projects on a site called
+code.liw.fi. Part of that is an APT repository for .deb packages. That
+repository is digitally signed using OpenPGP. Thie package contains
+the public key necessary to check the signature. By installing this
+package, APT know of the key and use to check.
+
+When it's time to rotate the signing key, I will first generate a new
+key, and add it to this package. Then I wait for some time to allow
+everyone who uses code.liw.fi to upgrade, perhaps a month or two. I
+will then start using the new signing key, and drop the old key from
+the package. This way, as long as everyone upgrades to the new version
+of this package sufficiently frequently (more than once month), nobody
+else needs to do any work to deal with a new key.
+
+(Debian itself uses a similar setup.)
+
+Legalse
+------------------------------------------------------------------------
+
+There is no copyright on this package. It's way too simple to be
+copyrighted. Also, most of the data is the public key, which is
+generated from random numbers. Also not copyrightable. If you want to
+make your own package based on this, go right ahead. You'll need to
+use your own key, of course.
+
+You can't have my private key, sorry.
-- 
cgit v1.2.1