[Mageia-dev] PGP keys and package signing

Christophe Fergeau cfergeau at gmail.com
Mon Jan 31 12:13:04 CET 2011


Hey,

2011/1/31 nicolas vigier <boklm at mars-attacks.org>:
>  - In case we think the packages@ key may have been compromised, or is
>   too old, or we want to change it for any other reason, we revoke the
>   key, and/or revoke the signature from board@ so that it is no
>   longer accepted by urpmi. We create a new key, we sign it with
>   the board@ key and we can start to use this new key.

Will all existing packages be reviewed and resigned when they key is
thought to have been compromised? What happens on user systems when
this is done? Will they have to reinstall all packages signed with the
new key?

Christophe


More information about the Mageia-dev mailing list