Proposal: Single GPG key per Fedora release (starting with 11)

Dennis Gilmore dennis at ausil.us
Tue Apr 21 00:06:44 UTC 2009


On Monday 20 April 2009 06:17:21 pm Jesse Keating wrote:
> As I mentioned in an earlier thread I was interested in reducing the
> number of gpg keys down to one per release.  Currently we have two, one
> we sign development builds with during beta/preview and updates-testing,
> and then one we sign the released packages with and the stable updates
> with.  Multiple keys per release creates a lot of churn, reduces the
> number of hardlinks we can maintain, and causes a lot of delay in
> getting package sets prepped for the different releases.  As such I'm
> proposing that we reduce the keys down to one per release, used for all
> the scenarios listed, starting with Fedora 11.  There is already a
> Fedora 11 key that was used to sign beta and will be used to sign
> preview release, I would just revoke / delete the current ID which
> mentions testing and replace it with an ID of just "Fedora 11".
> fedora-release will be modified to handle this in the repo files as
> well.
>
> If there are no strong reasonable objections this will happen early this
> week in time for the Preview release.
sounds sane to me.

Dennis




More information about the fedora-devel-list mailing list