Alan Cox venit, vidit, dixit 21.08.2008 14:56:
>> If there is an issue severe enough which warrants stopping updates
>> (which indicates that rpm signing keys have been compromised) why
>> should we trust those fingerprints and servers?
> Because you have no other basis of trust at all if you don't believe
> the master keys ?
Exactly this is how I came to trust e.g. the rpm signing keys in the
first place: there was no other basis but to trust the master keys in a
"no news is good news" situation where everybody trusted them and no
problems arose. Now there is news - seemingly bad news - and there are
problems. Trust is easily lost but hard to restore. Debian folks can
> Or you set up a new infrastructure and create the 'provisional fedora
> project' or whatever.
Don't trust me!
fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list