Re: Updating Rawhide vs GPG keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dne 12. 03. 19 v 19:49 Kevin Fenzi napsal(a):
> We need to revamp this entirely, and as luck would have it, we have a plan:
> 
> https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/5UVGSBRLX352A4S2CBZ2CGBXPAGQTYKB/

I am afraid that this will not help in this situation, because even if $releasever will be equal to "rawhide" you still
will have in repo file:
  gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

which will have prior the branching *content* of F30 gpg key. Then after branching (let say 4 weeks later) you will run
'dnf upgrade'. It will try to download new fedodra-gpg-keys package, which will be signed by F31 gpg key.
IMO the only solution to this is:
  * create new gpg keys several months before branching and add it to fedodra-gpg-keys package and
  * gpgkey in repo file lists both gpg keys
or
  * sign rpm packages in rawhide by both keys - and I'm afraid our infrastructure is not ready for this.

Miroslav

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux