On Thu, 10 Aug 2017, KatolaZ wrote:

> Hi,
>
> as you know, parazyd has setup the new amprolla instance which will
> provide merged repos for the mirrors. The problem is that the instance
> would need a signing key. Now there are at least a couple of
> possibilities:
>
> a) using the same signing key used by the current amprolla
> b) using a signing subkey of the current signing key used by amprolla
> c) having a brand new signing key
>
> Option c) is not ideal, since it would require updating
> devuan-keyring. Please consider that the new amprolla instance is
> *not* reachable from outside (it will rsync-push the merged repos to
> pkgmaster.devuan.org, from which the mirrors will pull them down), so
> it should be a relatively risk-free environment.
>
> Once we solve this last issue, we will be ready to test mirrors.
>
> How shall we proceed?

Any thoughts on this? I believe any option that is not option a)
requires an update to devuan-keyring. It's not a bad thing though. For
manageability, I'd vote for option b) that KatolaZ has listed.

--
~ parazyd
GnuPG: 03337671FDE75BB6A85EC91FB876CB44FA1B0274
GnuPG: https://parazyd.cf/FA1B0274.asc