Why different keys for -testing and non-testing?
sgrubb at redhat.com
Sat Jan 17 15:31:06 UTC 2009
On Saturday 17 January 2009 10:19:21 am Douglas E. Warner wrote:
> On 01/16/2009 Jesse Keating wrote:
> > Given that we can't revoke, yes, we plan to use new keys each release.
> > We can use gpg web-o-trust thing and sign the new keys with the old
> > keys and whatnot, does that actually help people?
> Why couldn't we revoke keys? Even if RPM itself doesn't have the
> capability, we could have yum periodically check for updates on installed
> keys on keyservers through a plugin, I would imagine.
I have a machine that has been migrated for a long time. It has 9
gpg-pubkey packages installed. Which ones are valid? Why don't they get
retired by obsoletes or something? Could someone use my ancient gpg-pubkeys
as a basis for an attack on repo metadata and provide an older package with known security holes?
Old keys should be retired. We should also make import of keys an auditable
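The situation described in the message above, a host carrying several gpg-pubkey packages with no record of which are still current, can be audited with a short script. The following is an added example written for this page, not code from the thread or from Fedora or RPM. It assumes the way rpm names an imported key (gpg-pubkey-<low 32 bits of the key id>-<key creation time as hex epoch seconds>, as produced by `rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'`), an allowlist of key ids the operator currently trusts, and a maximum key age; the rpm output embedded below, the key ids and the allowlist are constructed sample values, and the age threshold is an assumed policy knob.

```python
"""Audit installed RPM gpg-pubkey packages against an allowlist of current keys.

Added example for this discussion; it is not the project's own tooling.
Stale keys are reported with a reason so an administrator can decide whether
to remove them with `rpm -e gpg-pubkey-<keyid>-<timestamp>`.
"""
from __future__ import annotations

import datetime as dt
import re
import subprocess
from dataclasses import dataclass

# Query rpm uses to list imported keys (assumed format: one key per line,
# NAME-VERSION-RELEASE, a tab, then the SUMMARY with the key's user id).
RPM_QUERY = ["rpm", "-q", "gpg-pubkey", "--qf",
             "%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n"]

# gpg-pubkey-<8 hex key id>-<8 hex creation time><TAB><summary>
LINE_RE = re.compile(r"^gpg-pubkey-([0-9a-f]{8})-([0-9a-f]{8})\t(.*)$")

# Constructed sample output standing in for `rpm -q gpg-pubkey`; the key ids
# and timestamps are invented and do not correspond to any real signing key.
SAMPLE_RPM_OUTPUT = (
    "gpg-pubkey-deadbeef-3b9aca00\tgpg(Old Release Key <old at example.org>)\n"
    "gpg-pubkey-01234567-48000000\tgpg(Current Release Key <rel at example.org>)\n"
    "gpg-pubkey-89abcdef-45000000\tgpg(Previous Release Key <prev at example.org>)\n"
)

# Assumed allowlist: key ids the operator still considers valid signers.
TRUSTED_KEY_IDS = {"01234567", "89abcdef"}

# Assumed reference date for the audit (the thread's date, 2009-01-17 UTC).
AS_OF = dt.datetime(2009, 1, 17, tzinfo=dt.timezone.utc)


@dataclass(frozen=True)
class InstalledKey:
    key_id: str
    created: dt.datetime
    summary: str


def parse_rpm_output(text: str) -> list[InstalledKey]:
    """Turn rpm's gpg-pubkey listing into InstalledKey records.

    The RELEASE field is the key's creation time in hex epoch seconds, so it
    is decoded into a UTC datetime; lines that do not match are skipped.
    """
    keys: list[InstalledKey] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key_id, ts_hex, summary = m.groups()
        created = dt.datetime.fromtimestamp(int(ts_hex, 16), tz=dt.timezone.utc)
        keys.append(InstalledKey(key_id, created, summary))
    return keys


def audit(keys: list[InstalledKey], trusted: set[str], now: dt.datetime,
          max_age_days: int = 730) -> list[tuple[InstalledKey, list[str]]]:
    """Return (key, reasons) for every key that should be retired.

    A key is flagged when it is absent from the allowlist or older than
    max_age_days (assumed policy: roughly two release cycles).
    """
    stale: list[tuple[InstalledKey, list[str]]] = []
    for key in keys:
        reasons: list[str] = []
        if key.key_id not in trusted:
            reasons.append("not in current allowlist")
        age = (now - key.created).days
        if age > max_age_days:
            reasons.append(f"created {key.created:%Y-%m-%d}, {age} days old")
        if reasons:
            stale.append((key, reasons))
    return stale


def report(stale: list[tuple[InstalledKey, list[str]]]) -> list[str]:
    """Human-readable lines, one per stale key, with the rpm -e target."""
    return [
        f"retire gpg-pubkey-{k.key_id}-{int(k.created.timestamp()):08x} "
        f"({k.summary}): {'; '.join(reasons)}"
        for k, reasons in stale
    ]


def live_rpm_output() -> str:
    """Run the real rpm query on this host (only used from main)."""
    return subprocess.run(RPM_QUERY, check=True, capture_output=True,
                          text=True).stdout


if __name__ == "__main__":
    try:
        text = live_rpm_output()
        now = dt.datetime.now(dt.timezone.utc)
    except (FileNotFoundError, subprocess.CalledProcessError):
        # No rpm here: fall back to the constructed sample so the script runs.
        text, now = SAMPLE_RPM_OUTPUT, AS_OF
    for line in report(audit(parse_rpm_output(text), TRUSTED_KEY_IDS, now)):
        print(line)
```

Run against the sample, the first key is flagged on both counts (unknown to the allowlist and created in 2001) and the third is flagged for age alone, while the current key passes; on a real host the allowlist would be populated from the distribution's published key fingerprints rather than the constructed ids above.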
More information about the fedora-devel-list