Axel Thimm wrote:
> Either the key is considered compromized and one needs to do the full
> program, or it is reasonably considered safe (by a brute-force safe
> passphrase and really assuming the passphrase has not been lost to the
> intruder as well), in which case no steps are needed, but phasing it
> out before the computing power gets accessible to break it (e.g. new
> keys for F10 upwards).
> The current program looks like a mix of assuming "safe" (so the old
> key can be used for signing new packages, even if it just a few) and
> assuming "compromised" needing a resiging of all content.
It turns out that we're ahead of schedule in re-signing. Due to bodhi
limitations we needed to resign all updates before pushing any new
updates, and that is done now. I have to check with Jesse but I suspect
resigning of Everything should be done early during this upcoming week.
(It might even be close to done now, I dunno.)
The re-signing of Everything however is not blocking implementation of
the first stages of the plan - which includes updates going out.
Anyhow, updates should begin flowing soon, and shortly thereafter the
old key is removed. Oh, did you actually test rpm -e during %post?
According to skvidal it doesn't work because it locks the transaction.
Jeremy thinks the only assured way we can remove the old key is with a
hardcoded hack in rpm that will be removed in F10 rpm.
I tested rpm -e during %post on two f9 systems, It locked the rpmdb