On 05/12/2009 07:13 PM, Thorsten Leemhuis wrote:
Hi!
fedora-release-11 is out now and I plan to push
rpmfusion-{non,}free-release-11 as well. The mirrormanager redirect is
in place (thx adrian!) so it should just work and people that run
rawhide now will stay on F11.
But rpmfusion for F11 uses different keys for signing than in F9 or F10.
The public keys for those signing keys are part of the
rpmfusion-{non,}free-release-10.9x/-11 package. But those will get
signed with the new key as well. And there is a big risk that the new
repo files (that point to the public keys) will get created as rpmnew
files on the systems of our users.
IOW: A lot of users (maybe all; not sure, maybe preupgrade does the
right thing) that update from earlier Fedora versions would have to do
something manual to get RPM Fusion running properly again after the
update. That is not ideal, hence I consider to do these things:
- mark the repo files for the initial rpmfusion-{non,}free-release-11
package as %config instead of %config(noreplace). That way we make sure
the new repo files get into the right place and actually used by yum; if
the old repo files had been modified then they get saved as .rpmsave
files and users would need to merge those changes into the new files
(but they would have to do that anyway, even if the files would be
marked as %config(noreplace))
- get the f11 public key into the rpmfusion-free-release packages for F9
and F10; that way users that update frequently will have the new key
installed already and everything should just work
Does that sound like a plan? Yes, I'm well aware that it has some
downsides, but afaics it's the one that works painlessly for most
people. Or am I missing a better way?
I assume you're planning on doing both these 2 things, right ?
Sounds like an ok solution to me.
Regards,
Hans