On Fri, 20 Mar 2009 21:00:21 +0100 Till Maas <opensource@xxxxxxxxx> wrote: > On Do März 19 2009, Milos Jakubicek wrote: > > > Don't panic, the -newkey repos are there because of a security > > accident in last summer as a new signing key for our RPMs has been > > created and all of them resigned (into a new -newkey repo). > > Afaik only updates after the incident have been signed with the new > keys, which imho did not really fix any problem in case the signing > key leaked. It only helps to update to F10 and to remove the old > signing keys from the rpm database. No, all the existing updates were re-signed and moved to the new repo, with the exception of an updated fedora-release, PackageKit and their dependencies that would be needed for users to transition to the new repo. Old repo: http://download.fedora.redhat.com/pub/fedora/linux/updates/9/i386/ New repo: http://download.fedora.redhat.com/pub/fedora/linux/updates/9/i386.newkey/ Paul. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
