When to publish the release key
Björn Persson
bjorn at xn--rombobjrn-67a.se
Tue Mar 19 22:54:39 UTC 2013
Kevin Fenzi wrote:
> On Tue, 19 Mar 2013 21:24:22 +0100
> Björn Persson <bjorn at xn--rombobjrn-67a.se> wrote:
>
> > Is there a date in the release schedule when the new release key shall
> > be added to <https://fedoraproject.org/keys>? It seems logical to me
> > to publish the key as soon as it has been generated, or at least
> > before it's used to sign any packages.
>
> I don't know of any formal task for this.
>
> I have asked the websites folks to do so, but they have been busy
> (as have I).
>
> Perhaps you would like to help out?
I suppose I could, but I'd need not only access to edit the page, but
also a highly secure way of getting the key from the person who
generated it.
> > Signed Fedora 19 packages have started showing up on the mirrors, and
> > on the keyservers there is a key that claims to be the Fedora 19
> > release key, generated on the first of December, but since the key
> > isn't signed and isn't on the web page I have no way of verifying it.
>
> It's in the fedora-release-18 package as well.
> Go to your fedora 18 machine and look at:
>
> /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-19-primary
Oh! That's great! I'm so used to not having the next key there that I
didn't think to check.
(But if I were to upload it to the website for everyone to use as a
reference, then I'd prefer to get it more directly from the source.)
Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130319/c7e1cabf/attachment.sig>
More information about the devel
mailing list