On Sat, Oct 17, 2015 at 2:46 AM, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote: >> fedora-repos should have all the keys needed for upgrade. So the only thing needing the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora. > > On a related note, something that I thought about when trying to > verify old Fedora keys... > Would it be possible for people who create those keys (or other people > from release-engineering who can verify that they keys are correct) to > sign them with their private keys and upload the resulting signatures > to public key servers? It would provide an additional verification > path. Distribution package signing keys are important enough for this > to be worth the extra work imho. Well if that needs to be done it should be maintained by rel-eng, but ultimately there might be a better way to deal with it than duplicating a bunch of files. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
