From f021a5a645c5881840c6e0f50a68ec4e9b9fa3b5 Mon Sep 17 00:00:00 2001
From: Arnaud Ferraris <arnaud.ferraris@collabora.com>
Date: Wed, 24 Mar 2021 14:20:45 +0100
Subject: [PATCH] flatpak: Add more information about multiple verification
 keys

Using multiple occurrences of the `--sign-verify` option can be used to
configure a remote while a new signature key is being rolled out. Add a
paragraph explaining that use case.

Signed-off-by: Arnaud Ferraris <arnaud.ferraris@collabora.com>
---
 content/guides/flatpak.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/content/guides/flatpak.md b/content/guides/flatpak.md
index a1aa3294c..a06b3dbf1 100644
--- a/content/guides/flatpak.md
+++ b/content/guides/flatpak.md
@@ -112,7 +112,12 @@ either the public key directly, or a file containing the public key:
     which at least one can be used to verify signatures for this repository
 
 Multiple `--sign-verify` occurrences are allowed in order to specify as many
-public keys as needed.
+public keys as needed. This can be useful when a new signature key is being
+deployed, while the old one is still in use: by specifying both the old and the
+new key, users can make sure at least one of those will be able to verify the
+signatures. That way, once the old key is revoked and only the new one is used
+for signing the repository, the corresponding remote will keep working as
+expected.
 
 This option can also be added when using the `flatpak remote-modify` command.
 
-- 
GitLab