> If there is an issue severe enough which warrants stopping updates > (which indicates that rpm signing keys have been compromised) why should > we trust those fingerprints and servers?
Because you have no other basis of trust at all if you don't believe the master keys ? Or you set up a new infrastructure and create the 'provisional fedora project' or whatever. -- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
