New Key Repo Locations
Jeroen van Meeuwen
kanarip at kanarip.com
Fri Aug 29 13:42:31 UTC 2008
Axel Thimm wrote:
> On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
>> Axel Thimm wrote:
>>> W/o knowing all details, why not move os to os.oldkey and use os as
>>> the new key's content? If the key is considered compromised what
>>> mirror admin would like to keep the old signed packages around anyhow?
>>>
>> I think then the problem becomes that every existing installation points
>> to os/ where it would need os.oldkey/ to get the packages it can check
>> gpg keys on.
>
> But isn't this desired behaviour? We don't actually want os.oldkey/ to
> be used anymore (mid-term) as we need to revoke the key in case it has
> been stolen. Maybe we don't need os.*key at all.
>
> E.g. if a key has been stolen, burn all signed stuff and recreate them
> with a new key.
>
The problem then becomes that a fedora-release package update needs to
come from the old location which is the only location a currently
running client knows about, signed with the old key (which again is all
the running client knows about at this point).

In addition, I think they are burning everything-but-the-relevant pieces
(such as a fedora-release file with an updated repo config, and the
packagekit update that is able to gpg key import).

Kind regards,

Jeroen van Meeuwen