On 8/21/19 2:50 AM, Petr Mensik wrote: > > I think f32 key should NOT be used until this is fully separated and > compose for older versions exist. Unless that key was leaked somehow, > there is no hurry, right? That hurry makes pain to many people without > justification for it, > I think. Well, sure, I suggested we might want to 'pause' rawhide composes until we have a branched next time, but that isn't great either because it means people wanting to work on rawhide also have to wait for it. > > There would always be mass rebuild in later stage of F32, no need to > switch key immediately. I think new key should not be enabled for > signing in new Rawhide until all supported versions have that key in > stable updates repo. That is not yet true now. Sure, and we could push the new fedora-repos update sooner. I don't disagree. > > I am thinking, is there written guidance how to switch signing key on a > branch? Are we prepared for emergency in case that key was leaked? We had to do this in fedora 9(?). Basically a new key was issued and everything was resigned with that key and the repo was fedora9-newkey. kevin
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
