[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New Key Repo Locations

Axel Thimm wrote:
On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
Axel Thimm wrote:
W/o knowing all details, why not move os to os.oldkey and use os as
the new key's content? If the key is considered compromised what
mirror admin would like to keep the old signed packages around anyhow?

I think then the problem becomes that every existing installation points to os/ where it would need os.oldkey/ to get the packages it can check gpg keys on.

But isn't this desired behaviour? We don't actually want os.oldkey/ to
be used anymore (mid-term) as we need to revoce the key in case it has
been stolen. Maybe we don't need os.*key at all.

E.g. if a key has been stolen, burn all signed stuff and recreate them
with a new key.

The problem then becomes that a fedora-release package update needs to come from the old location which is the only location a currently running client knows about, signed with the old key (which again is all the running client knows about at this point).

In addition, I think they are burning everything-but-the-relevant pieces (such as a fedora-release file with an updated repo config, and the packagekit update that is able to gpg key import).

Kind regards,

Jeroen van Meeuwen

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]