Wednesday, 4 September 2024

Re: Enhancing cross-distro collaboration via foreign archive keyring availability

Hi,

On Wed, Sep 4, 2024 at 7:27 AM Luca Boccassi <luca.boccassi@gmail.com> wrote:
Hi,
(...)
Given all of this, the costs appear minor, especially compared to
other updates that are part of point releases. Is there perhaps some
angle or detail that I am missing here? I appreciate Robie

I think one cost that may be missing from this analysis is the burden of responsibility in the case of revoked keys. Should a key be revoked in, say, Fedora, Fedora users can obviously expect an expedited update to the keyring. But will the Fedora maintainers (again, just an example, pick $distro) remember to also propagate this update to every other non-fedora distro?