New Key Repo Locations

Jeroen van Meeuwen kanarip at
Fri Aug 29 14:13:15 UTC 2008

Axel Thimm wrote:
> If ATM the key is considered stolen, the users need to stop using the
> key immediately anyway. Issuing a new package signed with the old key
> is just keeping the racing window open.
> (...snip...)

I agree with you for the most part, but I'll leave the risk assessment 
and corresponding consequential response paradigm to the ones that know 
best what happened and are actually in a position to decide whether or 
not to revoke keys and nuke content or to make it an easy transition now 
just to be safe rather then sorry.

Kind regards,

Jeroen van Meeuwen

More information about the Fedora-infrastructure-list mailing list