Why different keys for -testing and non-testing?

Steve Grubb sgrubb at redhat.com
Sat Jan 17 15:31:06 UTC 2009

On Saturday 17 January 2009 10:19:21 am Douglas E. Warner wrote:
> On 01/16/2009 Jesse Keating wrote:
> > Given that we can't revoke, yes, we plan to use new keys each release.
> > We can use gpg web-o-trust thing and sign the new keys with the old
> > keys and whatnot, does that actually help people?
> Why couldn't we revoke keys?  Even if RPM itself doesn't have the
> capability, we could have yum periodically check for updates on installed
> keys on keyservers through a plugin, I would imagine.

I have a machine that has been migrated for a long time. It has 9
gpg-pubkey packages installed. Which ones are valid? Why don't they get
retired by obsoletes or something? Could someone use my ancient gpg-pubkeys
as a basis for an attack on repo metadata and provide an older package with
known security holes?

Old keys should be retired. We should also make import of keys an auditable 


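As an added example (not part of this thread or of rpm/yum), here is a small audit of the installed gpg-pubkey package list that answers "which ones are valid?" offline. It assumes the rpm naming convention gpg-pubkey-<low 32 bits of key ID>-<key creation time as hex seconds>, and the package names and trusted key IDs below are constructed sample values, not real Fedora keys.

```python
import re
from datetime import datetime, timezone

# rpm names imported signing keys as gpg-pubkey-<keyid>-<creation-hex>
PKG_RE = re.compile(r"^gpg-pubkey-([0-9a-f]{8})-([0-9a-f]{8})$")

# Constructed sample of `rpm -q gpg-pubkey` output on a long-migrated host.
INSTALLED = [
    "gpg-pubkey-0a1b2c3d-3c000000",   # created late 2001 (constructed)
    "gpg-pubkey-4e5f6071-40000000",   # created early 2004 (constructed)
    "gpg-pubkey-8293a4b5-48000000",   # created spring 2008 (constructed)
]

# Constructed: the only key IDs the current release is supposed to trust.
TRUSTED_KEYIDS = {"8293a4b5"}


def parse_gpg_pubkey(pkg):
    """Split a gpg-pubkey package name into (keyid, creation datetime, UTC)."""
    m = PKG_RE.match(pkg)
    if not m:
        raise ValueError(f"not a gpg-pubkey package name: {pkg}")
    keyid, created_hex = m.groups()
    created = datetime.fromtimestamp(int(created_hex, 16), tz=timezone.utc)
    return keyid, created


def audit_installed_keys(installed, trusted_keyids):
    """Return {'keep': [...], 'retire': [...]} for the installed key packages.

    A key is kept only if its ID is in the trusted set; every other installed
    key is a candidate for removal (rpm -e gpg-pubkey-<keyid>-<release>),
    since a stale key keeps old signatures verifiable indefinitely.
    """
    report = {"keep": [], "retire": []}
    for pkg in installed:
        keyid, created = parse_gpg_pubkey(pkg)
        entry = (pkg, created.strftime("%Y-%m-%d"))
        bucket = "keep" if keyid in trusted_keyids else "retire"
        report[bucket].append(entry)
    return report


if __name__ == "__main__":
    for bucket, entries in audit_installed_keys(INSTALLED, TRUSTED_KEYIDS).items():
        for pkg, created in entries:
            print(f"{bucket:6} {pkg} (key created {created})")
```

On a real host the INSTALLED list would come from `rpm -q gpg-pubkey`, and the trusted set from the key IDs shipped in the current release's fedora-release package.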