* Christophe Fergeau ([email protected]) wrote: > Hey, > > 2011/1/31 nicolas vigier <[email protected]>: > > - In case we think the packages@ key may have been compromised, or is > > too old, or we want to change it for any other reason, we revoke the > > key, and/or revoke the signature from board@ so that it is no > > longer accepted by urpmi. We create a new key, we sign it with > > the board@ key and we can start to use this new key. > > Will all existing packages be reviewed and resigned when they key is > thought to have been compromised? What happens on user systems when > this is done? Will they have to reinstall all packages signed with the > new key?
Re-signing packages will not change their name-evr-arch, so on urpmi/rpm side packages does not have to be updated. But from a user point of view they installed packages (then checked it) before the compromission, ie when packages were trustable. So in case of compromission packages must be resigned but I don't think users have to reinstall it as their content won't changes. In the case a packages is compromised (a package with malware is introduced on the mirror) then we'll have to provide an update with a clean package and in this specific case users will have to update it. > > Christophe -- Olivier Thauvin CNRS - LATMOS ♖ ♘ ♗ ♕ ♔ ♗ ♘ ♖
pgpYNqHeMsKnI.pgp
Description: PGP signature
