Time to resurrect multi-key signatures in RPM?
bojan at rexursive.com
Tue Aug 26 08:51:05 UTC 2008
Bruno Wolff III <bruno <at> wolff.to> writes:
> And adds another. If one of those third parties goes belly up, then Fedora
> is going to have to take extraordinary measures to get packages signed in
> a way that will be axxepted again.
Not true. As I mentioned before, the criteria would be that package is signed
with N good keys. So, resigning with someone else's key would be sufficient to
BTW, third parties do not have to be companies. They can be trusted Fedora
contributors, for instance.
More information about the fedora-devel-list