From Fedora Project Wiki

No edit summary
Line 7: Line 7:
Users need to accept the new signing key the first time updates are downloaded.  PackageKit prompts you whether or not to import the signing key.  To accept the key, press ''y'' at the prompt.
Users need to accept the new signing key the first time updates are downloaded.  PackageKit prompts you whether or not to import the signing key.  To accept the key, press ''y'' at the prompt.


After the new packages have been released for a period of time (not yet determined), a new package will be released to forcibly remove the old key from the system rpmdb.  This ensures the old key is no longer trusted/used by the system.
After the new packages have been released for a period of time (not yet determined), the Fedora Project will release a new package to forcibly remove the old key from the system's package database (or ''rpmdb'').  This method ensures the old key is no longer trusted/used by the system.


{{admon/tip | Key fingerprints can be checked against [https://admin.fedoraproject.org/fingerprints https://admin.fedoraproject.org/fingerprints].}}
{{admon/tip | Key fingerprints can be checked against [https://admin.fedoraproject.org/fingerprints https://admin.fedoraproject.org/fingerprints].}}


The plan for implementing the new key is very fluid, and therefore changes can be expected. This page will be updated as new information becomes available.
The plan for implementing the new key is still fluid, and therefore may change. Updates to this page will occur as new information becomes available.

Revision as of 19:03, 5 September 2008

The New Fedora Signing Key

The Fedora Project recently re-signed all of its packages with a new key. The story regarding the key can be found here. Contact the release engineering team via IRC in #fedora-devel (irc.freenode.org) or via email to rel-eng@fedoraproject.org for more information.

Enabling the New Signing Key

Users need to accept the new signing key the first time updates are downloaded. PackageKit prompts you whether or not to import the signing key. To accept the key, press y at the prompt.

After the new packages have been released for a period of time (not yet determined), the Fedora Project will release a new package to forcibly remove the old key from the system's package database (or rpmdb). This method ensures the old key is no longer trusted/used by the system.

Idea.png
Key fingerprints can be checked against https://admin.fedoraproject.org/fingerprints.

The plan for implementing the new key is still fluid, and therefore may change. Updates to this page will occur as new information becomes available.