Fedora 8 and 9 updates re-enabled
Paul Wouters
paul at xelerance.com
Wed Sep 10 15:43:22 UTC 2008
On Tue, 9 Sep 2008, Jesse Keating wrote:
> Most users will simply need to apply the offered updates, and later
> apply any further updates, and verify/import the new GPG key.
> For more details and an FAQ, please see
> https://fedoraproject.org/w/index.php?title=Enabling_new_signing_key
One question I don't see answered is whether the upgrade system purges
the trust on the old key from our systems after verification of the new
key. Otherwise, some DNS or wifi hack in the future could lead me to
a false update site using the old compromised key and my system would
still install those updates.
Paul
More information about the fedora-devel-list
mailing list