Proposal: Single GPG key per Fedora release (starting with 11)

Mark markg85 at
Tue Apr 21 00:28:10 UTC 2009

On Tue, Apr 21, 2009 at 1:17 AM, Jesse Keating <jkeating at> wrote:
> As I mentioned in an earlier thread I was interested in reducing the
> number of gpg keys down to one per release.  Currently we have two, one
> we sign development builds with during beta/preview and updates-testing,
> and then one we sign the released packages with and the stable updates
> with.  Multiple keys per release creates a lot of churn, reduces the
> number of hardlinks we can maintain, and causes a lot of delay in
> getting package sets prepped for the different releases.  As such I'm
> proposing that we reduce the keys down to one per release, used for all
> the scenarios listed, starting with Fedora 11.  There is already a
> Fedora 11 key that was used to sign beta and will be used to sign
> preview release, I would just revoke / delete the current ID which
> mentions testing and replace it with an ID of just "Fedora 11".
> fedora-release will be modified to handle this in the repo files as
> well.
> If there are no strong reasonable objections this will happen early this
> week in time for the Preview release.

Sounds like a good thing to do.

Just one other thing i notice here.
Look at what you've done here. You seggest something and are going to
implement it unless you get some feedback that lets you think. That on
it's own is no problem for me.

The problem i see is that when anyone wants to request anything to be
done in fedora they have to:
- Write a detailed page on the wiki
- Make a bugzille feature request
- wait some time till it's reviewed (can be days, weeks or even months if ever)
- let it be approved by fesco

and what else did i forget.
I have to mention with that that it's just how i see new stuff getting
in (or rejected).
No first hand experience here but only how i witness it.

So now i'm wondering.. how come that you can get something in within a
mather of hours and without explaining a lot or having to fill in a
wiki proposal page? shouldn't you (specially you because your a redhat
employee and should be an example for the rest) go through the same
lenghty path as all other people have to do when they want to change
anything at all in fedora? Somehow what you did seems a bit unfair to
everyone making lengty proposals and letting them pass through all the
required steps.

Just my observation here.

More information about the fedora-devel-list mailing list