> An additional thing, once a key is revoked by a distro (for whatever reason),
> they usually sign new rpms with the new key. However it does not mean that
> the older rpms signed by the old key are no longer secure to use. Unless
> of-course the old key has been compromised by the attacker
An additional thing, once a key is revoked by a distro (for whatever reason),
they usually sign new rpms with the new key. However it does not mean that the
older rpms signed by the old key are no longer secure to use. Unless of-course
the old key has been compromised by the attacker and they