Proposal: Single GPG key per Fedora release (starting with 11)

Toshio Kuratomi a.badger at
Tue Apr 21 00:47:48 UTC 2009

Mark wrote:

> Just one other thing i notice here.
> Look at what you've done here. You seggest something and are going to
> implement it unless you get some feedback that lets you think. That on
> it's own is no problem for me.
> The problem i see is that when anyone wants to request anything to be
> done in fedora they have to:
> - Write a detailed page on the wiki
> - Make a bugzille feature request
> - wait some time till it's reviewed (can be days, weeks or even months if ever)
> - let it be approved by fesco
> and what else did i forget.
> I have to mention with that that it's just how i see new stuff getting
> in (or rejected).
> No first hand experience here but only how i witness it.
> So now i'm wondering.. how come that you can get something in within a
> mather of hours and without explaining a lot or having to fill in a
> wiki proposal page? shouldn't you (specially you because your a redhat
> employee and should be an example for the rest) go through the same
> lenghty path as all other people have to do when they want to change
> anything at all in fedora? Somehow what you did seems a bit unfair to
> everyone making lengty proposals and letting them pass through all the
> required steps.
> Just my observation here.
Different things being done with different goals.  The process you list
seems to be a hybrid of Package Review and the Feature Process.  Package
Review has a bugzilla ticket in order to get the package looked at by
more than one person and to check for known problems that have been
written down in the Guidelines.  The Feature Process requires a detailed
wiki page so that the Feature can be reported to end users and the media.

Most infrastructure and rel-eng changes don't affect end-users in the
same way as new Features or new packages.  They affect the delivery of
the software to the user but they don't affect the user's experience
with the software once installed.  So the need to document for the
end-user what's going on is not the same.  If changing to a single key
changed the security ramifications to the user or changed how they
interact with the software, then a Feature Request and FESCo review may
have been warranted.

Similarly, other changes that do have a large impact on others (not just
end-users but Fedora developers too), are run by FESCo for approval
before being implemented.  Things like the provenpackager acl changes
are a good example of something initiated by Jesse that were discussed
at length before being approved by FESCo and implemented.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the fedora-devel-list mailing list