On Sat, Oct 17, 2015 at 03:05:42AM +0100, Peter Robinson wrote: > On Sat, Oct 17, 2015 at 2:46 AM, Zbigniew Jędrzejewski-Szmek > <zbyszek@xxxxxxxxx> wrote: > > On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote: > >> fedora-repos should have all the keys needed for upgrade. So the only thing needing the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora. > > > > On a related note, something that I thought about when trying to > > verify old Fedora keys... > > Would it be possible for people who create those keys (or other people > > from release-engineering who can verify that they keys are correct) to > > sign them with their private keys and upload the resulting signatures > > to public key servers? It would provide an additional verification > > path. Distribution package signing keys are important enough for this > > to be worth the extra work imho. > > Well if that needs to be done it should be maintained by rel-eng, but > ultimately there might be a better way to deal with it than > duplicating a bunch of files. Duplicating? What do you mean? Zbyszek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
