On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote: > Axel Thimm wrote: >> W/o knowing all details, why not move os to os.oldkey and use os as >> the new key's content? If the key is considered compromised what >> mirror admin would like to keep the old signed packages around anyhow? >> > > I think then the problem becomes that every existing installation points > to os/ where it would need os.oldkey/ to get the packages it can check > gpg keys on. But isn't this desired behaviour? We don't actually want os.oldkey/ to be used anymore (mid-term) as we need to revoce the key in case it has been stolen. Maybe we don't need os.*key at all. E.g. if a key has been stolen, burn all signed stuff and recreate them with a new key. -- Axel.Thimm at ATrpms.net
Attachment:
pgpIyqP2Rd2m2.pgp
Description: PGP signature
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
