On Sat, Oct 17, 2015 at 2:46 AM, Zbigniew Jędrzejewski-Szmek
<zbyszek(a)in.waw.pl> wrote:
On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote:
> fedora-repos should have all the keys needed for upgrade. So the only thing needing
the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora.
On a related note, something that I thought about when trying to
verify old Fedora keys...
Would it be possible for people who create those keys (or other people
from release-engineering who can verify that they keys are correct) to
sign them with their private keys and upload the resulting signatures
to public key servers? It would provide an additional verification
path. Distribution package signing keys are important enough for this
to be worth the extra work imho.
Well if that needs to be done it should be maintained by rel-eng, but
ultimately there might be a better way to deal with it than
duplicating a bunch of files.