New Key Discussion

Jeffrey Ollie jeff at ocjtech.us
Tue Aug 26 18:51:48 UTC 2008


On Tue, Aug 26, 2008 at 12:16 PM, Warren Togami <wtogami at redhat.com> wrote:
>
> 5) In a few weeks after all F8+ packages are re-signed with the new key,
> revoke the old key.  The only way we can revoke the old key is to rpm -e
> it.  Unfortunately, skvidal did some research into ways we could
> possibly achieve this and our options are not good.  rpm -e is
> impossible during rpm %post because it locks the transaction.  We really
> do need a way to automate revocation of the old key.  It seems we have a
> few weeks to figure out a way to do it.
>
> (Idea: Perhaps we add a hack to rpm itself in a package update?  Ugly as
> hell, but what other options do we have?)

Drop a script in /etc/cron.hourly that rpm -e's the key and then
deletes/disables itself.

-- 
Jeff Ollie

"You know, I used to think it was awful that life was so unfair. Then
I thought, wouldn't it be much worse if life were fair, and all the
terrible things that happen to us come because we actually deserve
them? So, now I take great comfort in the general hostility and
unfairness of the universe."

	-- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon"
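
One way the cron approach suggested above could look, as an added example that is not part of the original message or any Fedora package. The script name `revoke-old-key`, the `OLD_KEY` placeholder (the thread does not give the old key's ID) and the overridable `RPM` variable are assumptions. The script removes itself only after confirming the key is gone from the rpm database.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed install path:
#   /etc/cron.hourly/revoke-old-key
# OLD_KEY is a placeholder; the thread does not give the old key's ID.
OLD_KEY="${OLD_KEY:-gpg-pubkey-XXXXXXXX}"
RPM="${RPM:-rpm}"   # overridable so the logic can be exercised without a real rpmdb

# 0 = key is in the rpmdb, 1 = key is absent, 2 = the query itself failed.
key_installed() {
    # rpm -qa lists every package and exits 0 on success, so a
    # non-zero status means the database could not be read.
    list=$("$RPM" -qa --qf '%{NAME}-%{VERSION}\n') || return 2
    printf '%s\n' "$list" | grep -Fxq -- "$1"
}

# 0 = key confirmed gone (safe to remove the cron job), 1 = retry next run.
revoke_old_key() {
    st=0; key_installed "$1" || st=$?
    case $st in
        1) return 0 ;;   # already removed, nothing to do
        0) ;;            # still trusted: erase it below
        *) return 1 ;;   # could not query; do not self-delete
    esac
    "$RPM" -e "$1" >/dev/null 2>&1 || return 1
    # Confirm the result instead of trusting rpm -e's exit status.
    st=0; key_installed "$1" || st=$?
    [ "$st" -eq 1 ]
}

main() {
    if revoke_old_key "$OLD_KEY"; then
        rm -f -- "$0"    # job done: the script removes itself
    fi
}

# Run only when executed under its installed name (as run-parts does).
case "$0" in
    */revoke-old-key) main ;;
esac
```

If the query or the erase fails, the script stays in place and the next hourly run tries again.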

