more bad GPGs

alan alan at clueserver.org
Tue Apr 20 17:50:18 UTC 2004


On Tue, 20 Apr 2004 Fulko.Hew at sita.aero wrote:

> With today's 68 new RPMs comes 68 new RPMs with BAD GPG signatures.
> 
> There should be a ban on releasing new RPMs that are obviously bad.
> Using up2date makes you stop and ack each package.

It also just gives an "unknown signature" message.  It does not tell you 
what key ID it is so you can figure out if it is some other valid key that 
has not been entered into the keyring or someone who has hacked the server 
and is feeding you bogus rpms.

> At least the people using yum (apparently) get to ignore these errors.
> 
> What is _really_ going on here, and how long will this be going on?
> 
> And while I'm at it...
> Why doesn't up2date show the package size, and total size of packages
> requested anymore?
> 
> If yum is the future... eliminate up2date.
> If up2date is still acceptable, please fix whatever is wrong.
> 
> Sorry, for the rant... but it is legitimate.

Not a rant. It is a very valid problem.
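
[Added example, not part of the original message and not code from up2date or rpm: a minimal sketch of the check the reply asks for, reading the issuer key ID out of an OpenPGP signature packet (RFC 4880) and comparing it with a local keyring. It assumes the signature packet bytes have already been extracted from the package; the function names, the sample packets and the key IDs are constructed for illustration.]

```python
def _varlen(buf, pos):
    """Decode a 1-, 2- or 5-octet length at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5

def issuer_key_ids(pkt):
    """Return the issuer key IDs (hex strings) named in one signature packet."""
    tag = pkt[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if tag & 0x40:                      # new-format packet header
        if 224 <= pkt[1] < 255:
            raise ValueError("partial body lengths not handled")
        ptag = tag & 0x3F
        length, off = _varlen(pkt, 1)
    else:                               # old-format packet header
        ptag, ltype = (tag >> 2) & 0x0F, tag & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        off = 1 + (1 << ltype)
        length = int.from_bytes(pkt[1:off], "big")
    if ptag != 2:
        raise ValueError("not a signature packet")
    body = pkt[off:off + length]
    if body[0] == 3:                    # v3: key ID sits at a fixed offset
        return [body[7:15].hex().upper()]
    if body[0] != 4:
        raise ValueError("unsupported signature version")
    ids, pos = [], 4
    for _ in range(2):                  # hashed area, then unhashed area
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            slen, pos = _varlen(body, pos)
            if body[pos] & 0x7F == 16:  # subpacket type 16 = issuer key ID
                ids.append(body[pos + 1:pos + 9].hex().upper())
            pos += slen
    return ids

def check_against_keyring(pkt, keyring):
    """Pair each issuer key ID with whether it is in keyring (a set of hex IDs)."""
    return [(kid, kid in keyring) for kid in issuer_key_ids(pkt)]

# Constructed sample packets (not real signatures; the MPI data is omitted).
V3 = bytes.fromhex("88130305004085678a0123456789abcdef11021234")
V4 = bytes.fromhex("c21a04001102000605024085678a000a0910fedcba98765432101234")
```

[A key ID that is reported as absent from the keyring can then be looked up and compared with the distributor's published keys before deciding whether to import it or to treat the package as suspect.]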





More information about the fedora-test-list mailing list