On Thu, Feb 15, 2024 at 07:57:37PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
> It's this time of the year again:
...
> 
> Could we please do something so that this doesn't happen?
> Dunno, generate and distribute the keys earlier so that mock
> and https://fedoraproject.org/fedora.gpg get updated _before_
> we need it?

That won't do it. We need mock to update its config at exactly the same
moment a successful rawhide compose completes and mirrors to whatever
mirror you are hitting. ;(

We make keys a year ahead now. The f42 key is in fedora-release already.

> I know this subject comes up approx. twice a year (or once for F21 ;) ),
> e.g. [2]. I know this can be "fixed" with some manual steps, but I posit
> that this should never occur in the first place.

I guess one possible solution would be for rpm to support multiple
signatures and koji to support writing out those rpms and then we could
sign new rawhide with both keys at least for a while. 

I guess I had that idea 7 years ago:
https://github.com/rpm-software-management/rpm/issues/189

Or I suppose we could move to just one key for everything, but then it
would have a larger effect if we ever had to revoke/reissue. 

At the very least, perhaps mock could try and identify this problem and
note to upgrade mock-core-configs?

Dunno. I agree it's not good, but it's not easy to solve either. 

kevin
