On Fri, 2004-10-29 at 08:23 -0400, Jeff Spaleta wrote:
On Fri, 29 Oct 2004 14:13:47 +0200, Nils Philippsen nphilipp@redhat.com wrote:
Come on, you know that you needn't do it that way. For Rawhide, all we (that is some people including me) want to have is that the packages that originate in the Red Hat build system are signed with a short-lived key that we can be sure that the package is in fact the one piped through the build system. This can be made part of the pushing step in the process.
Short lived? I think this is the first time I've seen someone mentioning a short lived key. How short lived?
I should have written "potentially short-lived", less because I think the key would be compromised, more because I would like to have the key for Rawhide changed for every development cycle. So people would have to regularly think about whether they really want to run Rawhide or not ;o).
Nils