On 8/21/19 2:50 AM, Petr Mensik wrote:
> 
> I think f32 key should NOT be used until this is fully separated and
> compose for older versions exist. Unless that key was leaked somehow,
> there is no hurry, right? That hurry makes pain to many people without
> justification for it,
> I think.

Well, sure, I suggested we might want to 'pause' rawhide composes until
we have a branched next time, but that isn't great either because it
means people wanting to work on rawhide also have to wait for it.
> 
> There would always be mass rebuild in later stage of F32, no need to
> switch key immediately. I think new key should not be enabled for
> signing in new Rawhide until all supported versions have that key in
> stable updates repo. That is not yet true now.

Sure, and we could push the new fedora-repos update sooner.
I don't disagree.
> 
> I am thinking, is there written guidance how to switch signing key on a
> branch? Are we prepared for emergency in case that key was leaked?

We had to do this in fedora 9(?). Basically a new key was issued and
everything was resigned with that key and the repo was fedora9-newkey.

kevin


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Reply via email to