[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New Key Repo Locations

Jeroen van Meeuwen wrote:
Will the ISOs be respun to reflect the changes as well so that what is in os/ or in os.newkey/ meets what each of the ISO expects? I guess this is primarily relevant to respins, netinstalls and so forth, as the old RPM-GPG-KEYs will be in the root of those ISOs and I can only presume they are used, and people will want to use os.newkey/ as the tree to install from.
At this time, the isos will not be respun.  We will however re-sign the
SHA1SUM file with the new gpg key.  We are certain that the content on
the ISOs (and the numerous hard copies floating about) are safe.  The
only content to be left in the repos these isos will be able to access
out of the box will be the transition fedora-update release, and the
fixed packagekit for gpg importing.  We'll also have mirrormanager
direct all requests for the old dir directly to mirrors which we have
ultimate control over.

I'm not sure how that solves the net install use case, especially if mirrormanager is going to redirect to os.newkey/, as signatures used on os.newkey/ packages will not meet what the installer expects the signature to be on these files.

You misunderstand the New Key plan. Mirrormanager for the existing repos fedora, updates and updates-testing will not redirect to the new location. Please read the plan again carefully.

Warren Togami
wtogami redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]