New Key Repo Locations
Jeroen van Meeuwen
kanarip at kanarip.com
Fri Aug 29 14:13:15 UTC 2008
Axel Thimm wrote:
> If ATM the key is considered stolen, the users need to stop using the
> key immediately anyway. Issuing a new package signed with the old key
> is just keeping the racing window open.
>
> (...snip...)
>
I agree with you for the most part, but I'll leave the risk assessment
and corresponding consequential response paradigm to the ones that know
best what happened and are actually in a position to decide whether or
not to revoke keys and nuke content or to make it an easy transition now
just to be safe rather then sorry.
Kind regards,
Jeroen van Meeuwen
-kanarip
More information about the Fedora-infrastructure-list
mailing list