The two usual use cases are sysupgrade and sysupgrade -s, jumping
forward to the same key, or the key+.1. But sometimes you want to
update an older machine far forward (either with -s, or with -R), and
the required key might not exist on-disk. Since getting the key isn't
automated, people make some poor decisions to get the key. Previous
to 7.6 the situation was worse, (and obviously older releases will have
the old sysupgrade script, though you can copy this one to those machines
and it will work, but please do that securely..)
Moving forward this improves the workflow: a new set of keybundles
(signed by older keys) have been made available so that sysupgrade
can securely and automatically download the required key.
ok job tb beck sthen