Skip to content
Snippets Groups Projects
Commit f021a5a6 authored by Arnaud Ferraris's avatar Arnaud Ferraris Committed by Emanuele Aina
Browse files

flatpak: Add more information about multiple verification keys


Using multiple occurrences of the `--sign-verify` option can be used to
configure a remote while a new signature key is being rolled out. Add a
paragraph explaining that use case.

Signed-off-by: default avatarArnaud Ferraris <arnaud.ferraris@collabora.com>
parent a8991da4
No related branches found
No related tags found
1 merge request!197guides: Add flatpak signature guide
Pipeline #237968 passed
......@@ -112,7 +112,12 @@ either the public key directly, or a file containing the public key:
which at least one can be used to verify signatures for this repository
Multiple `--sign-verify` occurrences are allowed in order to specify as many
public keys as needed.
public keys as needed. This can be useful when a new signature key is being
deployed, while the old one is still in use: by specifying both the old and the
new key, users can make sure at least one of those will be able to verify the
signatures. That way, once the old key is revoked and only the new one is used
for signing the repository, the corresponding remote will keep working as
expected.
This option can also be added when using the `flatpak remote-modify` command.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment