miabbott added a new comment to an issue you are following: ``
Hmm, but then we'd be allowing e.g. F28 content to be signed by the F27 key, right? That seems like the opposite effect of what we want from rotating keys.
Seems unlike that would happen, but I understand the reasoning.
having gpgkeyfile being a list with two keys in it (this release and next release), which enables you to rebase from one release to the next
This seems like it would enable the same problem that @jlebon called out if we were to import all the keys into the remote config.
delivering the ostree remote config via rpm (like we do for yum repos), which allows us to change the content over time
But with a unified repo, that remote config wouldn't really change...unless you are just changing the valid keys. ``
To reply, visit the link below or just reply to this email https://pagure.io/atomic-wg/issue/461