On Thu, Jun 05, 2014 at 08:19:28 -0400, Simo Sorce <simo@xxxxxxxxxx> wrote:
The problem is not just the compromised key, but compromised packages, though I guess you could re-sign all packages, but then you also have to ship those signatures out of band (you cannot force people to re-install all packages right ?).
Didn't we do something like this in response to: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
