Why do we need primary and secondary keys? Having 2 keys mandatory?

Although it is not mandatory to have two keys for a repository, it is easy to recover if the primary key is deleted, we can still sign the packages using the secondary key. The secondary key just acts as a backup key.


From the rpm/debian repository configuration section, we will be able to assign the GPG keys to the repository and we need to make sure the (debian/rpm) clients are configured accordingly.