New Key Repo Locations

Jeroen van Meeuwen kanarip at
Fri Aug 29 13:42:31 UTC 2008

Axel Thimm wrote:
> On Fri, Aug 29, 2008 at 12:54:40PM +0200, Jeroen van Meeuwen wrote:
>> Axel Thimm wrote:
>>> W/o knowing all details, why not move os to os.oldkey and use os as
>>> the new key's content? If the key is considered compromised what
>>> mirror admin would like to keep the old signed packages around anyhow?
>> I think then the problem becomes that every existing installation points  
>> to os/ where it would need os.oldkey/ to get the packages it can check  
>> gpg keys on.
> But isn't this desired behaviour? We don't actually want os.oldkey/ to
> be used anymore (mid-term) as we need to revoce the key in case it has
> been stolen. Maybe we don't need os.*key at all.
> E.g. if a key has been stolen, burn all signed stuff and recreate them
> with a new key.

The problem then becomes that a fedora-release package update needs to 
come from the old location which is the only location a currently 
running client knows about, signed with the old key (which again is all 
the running client knows about at this point).

In addition, I think they are burning everything-but-the-relevant pieces 
(such as a fedora-release file with an updated repo config, and the 
packagekit update that is able to gpg key import).

Kind regards,

Jeroen van Meeuwen

More information about the Fedora-infrastructure-list mailing list