New Key Repo Locations
Axel Thimm
Axel.Thimm at ATrpms.net
Fri Aug 29 13:32:19 UTC 2008
On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
> Axel Thimm wrote:
>> W/o knowing all details, why not move os to os.oldkey and use os as
>> the new key's content? If the key is considered compromised what
>> mirror admin would like to keep the old signed packages around anyhow?
>>
>
> I think then the problem becomes that every existing installation points
> to os/ where it would need os.oldkey/ to get the packages it can check
> gpg keys on.
But isn't this desired behaviour? We don't actually want os.oldkey/ to
be used anymore (mid-term) as we need to revoce the key in case it has
been stolen. Maybe we don't need os.*key at all.
E.g. if a key has been stolen, burn all signed stuff and recreate them
with a new key.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20080829/b581b5dd/attachment.bin
More information about the infrastructure
mailing list