For those who wonder how the Fedora project plans to migrate its users to a
new set of package signing keys, a proposed
plan has been posted. It involves an update to the fedora-release
package (signed with the old key) which
swaps in a new key and repository location, and a slow movement of older
packages to the new repository. It should work, as long as one is sure
that the old key can be trusted for a little longer.
(Log in to post comments)