Alan Cox venit, vidit, dixit 21.08.2008 14:56: >> If there is an issue severe enough which warrants stopping updates >> (which indicates that rpm signing keys have been compromised) why >> should we trust those fingerprints and servers? > > Because you have no other basis of trust at all if you don't believe > the master keys ?
Exactly this is how I came to trust e.g. the rpm signing keys in the first place: there was no other basis but to trust the master keys in a "no news is good news" situation where everybody trusted them and no problems arose. Now there is news - seemingly bad news - and there are problems. Trust is easily lost but hard to restore. Debian folks can tell you... > Or you set up a new infrastructure and create the 'provisional fedora > project' or whatever. Don't trust me! ;) Michael -- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
