[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New Key Repo Locations



On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
> Axel Thimm wrote:
>> W/o knowing all details, why not move os to os.oldkey and use os as
>> the new key's content? If the key is considered compromised what
>> mirror admin would like to keep the old signed packages around anyhow?
>>
>
> I think then the problem becomes that every existing installation points  
> to os/ where it would need os.oldkey/ to get the packages it can check  
> gpg keys on.

But isn't this desired behaviour? We don't actually want os.oldkey/ to
be used anymore (mid-term) as we need to revoce the key in case it has
been stolen. Maybe we don't need os.*key at all.

E.g. if a key has been stolen, burn all signed stuff and recreate them
with a new key.
-- 
Axel.Thimm at ATrpms.net

Attachment: pgp6fvlZAxPsF.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]