On 12/17/2012 10:58 AM, Adam Williamson wrote: > When you do a yum distro-sync according to the instructions on the wiki, > you are supposed to manually import the GPG key for the next release. If > you're doing things Properly, you should somehow verify you're importing > the correct key and not just blindly typing what a wiki page tells you > to, but of course what most people do is blindly type what the wiki page > tells them to... > > anyhow, the tricky thing here lies in somehow making it safe for fedup > to *automatically* import the correct key for the next release. This is > a subtlish problem.
Do the old keys sign the new keys? Would that be trustworthy enough? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
