Bruno Wolff III <bruno <at> wolff.to> writes:
And adds another. If one of those third parties goes belly up, then
Fedora
is going to have to take extraordinary measures to get packages signed in
a way that will be axxepted again.
Not true. As I mentioned before, the criteria would be that package is signed
with N good keys. So, resigning with someone else's key would be sufficient to
overcome this.
BTW, third parties do not have to be companies. They can be trusted Fedora
contributors, for instance.
--
Bojan