On Tue, 2008-09-09 at 19:56 +0530, Rahul Sundaram wrote: > Frode Petersen wrote: > > I can't remember having seen them mentioned in the info about the > > ongoing repackaging, so just to get it confirmed: Will the isos also be > > repackaged with new keys (inside the image, if relevant, and for the > > download)? > > No. This was mentioned in one of the announcements. => Anybody installing Fedora from iso will have the "seemingly compromised gpg key" installed in his rpm-database. => There will be a time-window during which such systems will be receptive to compromised packages.
This window could have been avoided by using a new gpg-key. Of cause, this actually does change much, because if the gpg-key should have been compromised, all existing installations of FC8/9 currently are receptive to such compromised packages. Ralf -- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
