[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: yum GPG verify and package sigs...

From: Warren Togami <wtogami redhat com>
To: List for Fedora Package Maintainers <fedora-maintainers redhat com>
Subject: Re: yum GPG verify and package sigs...
Date: Sat, 23 Jul 2005 16:03:29 -1000

Ignacio Vazquez-Abrams wrote:

On Sat, 2005-07-23 at 18:41 -0400, Jeff Spaleta wrote:

On 7/23/05, Warren Togami <wtogami redhat com> wrote:
In case you missed the discussion, this does not solve the problem.

I've run into this on #fedora and I have yet to see importing of all
the provided keys fail to resolve the problem.

No, it only applies a bandage over it. The actual problem is that the
packages are signed by 2 different keys. The solution is to re-sign
them.

Jef was correct, and I was misunderstanding yum's behavior. Perhaps the error message text is misleading.

This however leads me to wonder, would it be good if yum could enforce that all packages in this defined repository must be this key? Would this gain us anything if yum had a "stricter" option to enforce this?

Warren Togami
wtogami redhat com

References:
- yum GPG verify and package sigs...
  - From: Warren Togami
- Re: yum GPG verify and package sigs...
  - From: seth vidal
- Re: yum GPG verify and package sigs...
  - From: Matthew Miller
- Re: yum GPG verify and package sigs...
  - From: Jeff Spaleta
- Re: yum GPG verify and package sigs...
  - From: Warren Togami
- Re: yum GPG verify and package sigs...
  - From: Jeff Spaleta
- Re: yum GPG verify and package sigs...
  - From: Ignacio Vazquez-Abrams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]