New Key Repo Locations

Warren Togami wtogami at
Fri Aug 29 04:15:23 UTC 2008

Jeroen van Meeuwen wrote:
>>> Will the ISOs be respun to reflect the changes as well so that what is 
>>> in os/ or in os.newkey/ meets what each of the ISO expects? I guess this 
>>> is primarily relevant to respins, netinstalls and so forth, as the old 
>>> RPM-GPG-KEYs will be in the root of those ISOs and I can only presume 
>>> they are used, and people will want to use os.newkey/ as the tree to 
>>> install from.
>> At this time, the isos will not be respun.  We will however re-sign the
>> SHA1SUM file with the new gpg key.  We are certain that the content on
>> the ISOs (and the numerous hard copies floating about) are safe.  The
>> only content to be left in the repos these isos will be able to access
>> out of the box will be the transition fedora-update release, and the
>> fixed packagekit for gpg importing.  We'll also have mirrormanager
>> direct all requests for the old dir directly to mirrors which we have
>> ultimate control over.
> I'm not sure how that solves the net install use case, especially if 
> mirrormanager is going to redirect to os.newkey/, as signatures used on 
> os.newkey/ packages will not meet what the installer expects the 
> signature to be on these files.

You misunderstand the New Key plan.  Mirrormanager for the existing 
repos fedora, updates and updates-testing will not redirect to the new 
location.  Please read the plan again carefully.

Warren Togami
wtogami at

More information about the Fedora-infrastructure-list mailing list