New package distribution-gpg-keys
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Sat Oct 17 02:09:38 UTC 2015
On Sat, Oct 17, 2015 at 03:05:42AM +0100, Peter Robinson wrote:
> On Sat, Oct 17, 2015 at 2:46 AM, Zbigniew Jędrzejewski-Szmek
> <zbyszek at in.waw.pl> wrote:
> > On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote:
> >> fedora-repos should have all the keys needed for upgrade. So the only thing needing the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora.
> >
> > On a related note, something that I thought about when trying to
> > verify old Fedora keys...
> > Would it be possible for people who create those keys (or other people
> > from release-engineering who can verify that they keys are correct) to
> > sign them with their private keys and upload the resulting signatures
> > to public key servers? It would provide an additional verification
> > path. Distribution package signing keys are important enough for this
> > to be worth the extra work imho.
>
> Well if that needs to be done it should be maintained by rel-eng, but
> ultimately there might be a better way to deal with it than
> duplicating a bunch of files.
Duplicating? What do you mean?
Zbyszek
More information about the devel
mailing list