Time to resurrect multi-key signatures in RPM?
Bruno Wolff III
bruno at wolff.to
Tue Aug 26 07:55:51 UTC 2008
On Tue, Aug 26, 2008 at 07:38:46 +0000,
Bojan Smojver <bojan at rexursive.com> wrote:
> Bruno Wolff III <bruno <at> wolff.to> writes:
>
> > and adds a dependence on third parties
>
> I see that as a feature, actually. It eliminates single point of failure.
And adds another. If one of those third parties goes belly up, then Fedora
is going to have to take extraordinary measures to get packages signed in
a way that will be axxepted again.
More information about the fedora-devel-list
mailing list