On Fri, 2004-10-29 at 08:23 -0400, Jeff Spaleta wrote:
> On Fri, 29 Oct 2004 14:13:47 +0200, Nils Philippsen <nphilipp@xxxxxxxxxx> wrote:
> > Come on, you know that you needn't do it that way. For Rawhide, all we
> > (that is some people including me) want to have is that the packages
> > that originate in the Red Hat build system are signed with a short-lived
> > key that we can be sure that the package is in fact the one piped
> > through the build system. This can be made part of the pushing step in
> > the process.
>
> Short lived? I think this is the first time I've seen someone
> mentioning a short lived key. How short lived?
I should have written "potentially short-lived", less because I think
the key would be compromised, more because I would like to have the key
for Rawhide changed for every development cycle. So people would have to
regularly think about whether they really want to run Rawhide or
not ;o).
Nils
--
Nils Philippsen / Red Hat / nphilipp@xxxxxxxxxx
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011