Fedora Changes the Locks
The Fedora Project has had a rough time over the last month. Beginning with the announcement of an unidentified "infrastructure systems issue," the project's problems continued through the revelation that one or more of the project's package-management servers had been hacked, leaving the security of the distribution's entire package system in doubt. Fedora's team has been hard at work repairing the damage, and now report they are one step further along, with the release of new updates signed with fresh keys.
The project has put together an instruction page explaining the process and answering key questions about the decision to issue new keys and re-sign all packages. It describes the move as a two-stage process, with the first — re-signing all updates — already completed, while the second — retrofitting existing packages to utilize the new keys — continues. Users are encouraged to update their systems as soon as possible; to that end, the Fedora team has prepared an update package — which can be obtained from the old repositories and verified with the old keys — that should make the transition nearly transparent for most users. Instructions are also provided for manual updating.