On 1/18/06, Rahul Sundaram <sundaram@xxxxxxxxxx> wrote: > >Here's a proposal... just give "fedora Legacy" the keys to the standard > >updates repo when its time is up. Updates just keep coming, from the > >usual place, users don't have to take action or notice or get fearful. > >Change the "fedora Legacy" project name to "Stability Response Team", > >"updates-released monkeymen" or "Deep Update Attack Tigers!!!". Stick > >an article or two in Red Hat Magazine saluting the work of the maintainers. > > > > > Agreed on that 100%. Correct me if I'm wrong, but right now there isn't a per-release key used for fedora core packages. I don't think its appropriate to hand over the keys across Core/Legacy bounary unless Core moves to per-release keys which Core is garunteed not to use again in later releases. Beyond that, I really do not think it makes any sense at all for legacy and core sharing signing keys...ever. They have different bugzilla components, they have different build infrastructure... they are a different group of maintainers with a different policy with regard to updates. Its about as useful as my wife and I sharing the same gpg key. Having Legacy using its own signing key isn't a particular egregious hardship. The fedora-release package, which provides the repository definitions could easily provide the Legacy key and provide a legacy definition which references the ondisk Legacy key. Yum would import that key as needed. There is very little benefit to having Core share keys with Extras or Legacy, correctly configured tools simply don't care if Legacy or Extras is using a different key. -jef -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
