non-disclosure of infrastructure problem a management issue?
Alan Cox
alan at lxorguk.ukuu.org.uk
Thu Aug 21 12:56:42 UTC 2008
> If there is an issue severe enough which warrants stopping updates
> (which indicates that rpm signing keys have been compromised) why should
> we trust those fingerprints and servers?
Because you have no other basis of trust at all if you don't believe the
master keys ?
Or you set up a new infrastructure and create the 'provisional fedora
project' or whatever.
More information about the fedora-list
mailing list