On Fri, Oct 16, 2015 at 07:37:15PM -0500, Dennis Gilmore wrote: > fedora-repos should have all the keys needed for upgrade. So the only thing > needing the keys is mock. However I'm not sure you should include rpmfusion > keys in Fedora.
On a related note, something that I thought about when trying to verify old Fedora keys... Would it be possible for people who create those keys (or other people from release-engineering who can verify that they keys are correct) to sign them with their private keys and upload the resulting signatures to public key servers? It would provide an additional verification path. Distribution package signing keys are important enough for this to be worth the extra work imho. Zbyszek -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
