Jeroen van Meeuwen wrote:
>> Will the ISOs be respun to reflect the changes as well so
that what is
>> in os/ or in os.newkey/ meets what each of the ISO expects? I guess this
>> is primarily relevant to respins, netinstalls and so forth, as the old
>> RPM-GPG-KEYs will be in the root of those ISOs and I can only presume
>> they are used, and people will want to use os.newkey/ as the tree to
>> install from.
> At this time, the isos will not be respun. We will however re-sign the
> SHA1SUM file with the new gpg key. We are certain that the content on
> the ISOs (and the numerous hard copies floating about) are safe. The
> only content to be left in the repos these isos will be able to access
> out of the box will be the transition fedora-update release, and the
> fixed packagekit for gpg importing. We'll also have mirrormanager
> direct all requests for the old dir directly to mirrors which we have
> ultimate control over.
>
I'm not sure how that solves the net install use case, especially if
mirrormanager is going to redirect to os.newkey/, as signatures used on
os.newkey/ packages will not meet what the installer expects the
signature to be on these files.
You misunderstand the New Key plan. Mirrormanager for the existing
repos fedora, updates and updates-testing will not redirect to the new
location. Please read the plan again carefully.
Warren Togami
wtogami(a)redhat.com