Proposal: Single GPG key per Fedora release (starting with 11)

Jesse Keating jkeating at
Mon Apr 20 23:17:21 UTC 2009

As I mentioned in an earlier thread I was interested in reducing the
number of gpg keys down to one per release.  Currently we have two, one
we sign development builds with during beta/preview and updates-testing,
and then one we sign the released packages with and the stable updates
with.  Multiple keys per release creates a lot of churn, reduces the
number of hardlinks we can maintain, and causes a lot of delay in
getting package sets prepped for the different releases.  As such I'm
proposing that we reduce the keys down to one per release, used for all
the scenarios listed, starting with Fedora 11.  There is already a
Fedora 11 key that was used to sign beta and will be used to sign
preview release, I would just revoke / delete the current ID which
mentions testing and replace it with an ID of just "Fedora 11".
fedora-release will be modified to handle this in the repo files as

If there are no strong reasonable objections this will happen early this
week in time for the Preview release.

Jesse Keating
Fedora -- Freedom² is a feature!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the fedora-devel-list mailing list