Axel Thimm wrote:
On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
Axel Thimm wrote:
W/o knowing all details, why not move os to os.oldkey and use os as
the new key's content? If the key is considered compromised what
mirror admin would like to keep the old signed packages around anyhow?
I think then the problem becomes that every existing installation points
to os/ where it would need os.oldkey/ to get the packages it can check
gpg keys on.
But isn't this desired behaviour? We don't actually want os.oldkey/ to
be used anymore (mid-term) as we need to revoce the key in case it has
been stolen. Maybe we don't need os.*key at all.
E.g. if a key has been stolen, burn all signed stuff and recreate them
with a new key.
The problem then becomes that a fedora-release package update needs to
come from the old location which is the only location a currently
running client knows about, signed with the old key (which again is all
the running client knows about at this point).
In addition, I think they are burning everything-but-the-relevant pieces
(such as a fedora-release file with an updated repo config, and the
packagekit update that is able to gpg key import).
Kind regards,
Jeroen van Meeuwen
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
