Hey, 2011/1/31 nicolas vigier <[email protected]>: > - In case we think the packages@ key may have been compromised, or is > too old, or we want to change it for any other reason, we revoke the > key, and/or revoke the signature from board@ so that it is no > longer accepted by urpmi. We create a new key, we sign it with > the board@ key and we can start to use this new key.
Will all existing packages be reviewed and resigned when they key is thought to have been compromised? What happens on user systems when this is done? Will they have to reinstall all packages signed with the new key? Christophe
