New package distribution-gpg-keys
Peter Robinson
pbrobinson at gmail.com
Sat Oct 17 02:05:42 UTC 2015
On Sat, Oct 17, 2015 at 2:46 AM, Zbigniew Jędrzejewski-Szmek
<zbyszek at in.waw.pl> wrote:
> On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote:
>> fedora-repos should have all the keys needed for upgrade. So the only thing needing the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora.
>
> On a related note, something that I thought about when trying to
> verify old Fedora keys...
> Would it be possible for people who create those keys (or other people
> from release-engineering who can verify that they keys are correct) to
> sign them with their private keys and upload the resulting signatures
> to public key servers? It would provide an additional verification
> path. Distribution package signing keys are important enough for this
> to be worth the extra work imho.
Well if that needs to be done it should be maintained by rel-eng, but
ultimately there might be a better way to deal with it than
duplicating a bunch of files.
More information about the devel
mailing list