Axel Thimm wrote:
If ATM the key is considered stolen, the users need to stop using the key immediately anyway. Issuing a new package signed with the old key is just keeping the racing window open. (...snip...)
I agree with you for the most part, but I'll leave the risk assessment and corresponding consequential response paradigm to the ones that know best what happened and are actually in a position to decide whether or not to revoke keys and nuke content or to make it an easy transition now just to be safe rather then sorry.
Kind regards, Jeroen van Meeuwen -kanarip _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
