On Thu, Jun 05, 2014 at 08:19:28 -0400,
Simo Sorce <simo(a)redhat.com> wrote:
The problem is not just the compromised key, but compromised packages,
though I guess you could re-sign all packages, but then you also have to
ship those signatures out of band (you cannot force people to re-install
all packages right ?).
Didn't we do something like this in response to:
https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010....