New Key Repo Locations

Axel Thimm Axel.Thimm at
Fri Aug 29 13:32:19 UTC 2008

On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
> Axel Thimm wrote:
>> W/o knowing all details, why not move os to os.oldkey and use os as
>> the new key's content? If the key is considered compromised what
>> mirror admin would like to keep the old signed packages around anyhow?
> I think then the problem becomes that every existing installation points  
> to os/ where it would need os.oldkey/ to get the packages it can check  
> gpg keys on.

But isn't this desired behaviour? We don't actually want os.oldkey/ to
be used anymore (mid-term) as we need to revoce the key in case it has
been stolen. Maybe we don't need os.*key at all.

E.g. if a key has been stolen, burn all signed stuff and recreate them
with a new key.
Axel.Thimm at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <>

More information about the Fedora-infrastructure-list mailing list