-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Schwendt wrote: > On Sun, 01 Feb 2004 12:32:09 +0000, WipeOut wrote: [...] >> rpm on RH7.2 does not appear to have a "--import" option.. >> >> I installed the new yum package manually which seemed to work.. >> Will have to see what happenes when an update is released.. > > With the older RPM, you need to import the key into your GPG > key-ring. Download it and "gpg --import FILE". Just to clarify this for the archives (and to make sure I have this right), yum 1 uses root's gpg keyring for checking. yum 2 uses the rpm database. On a stock RH 8.0 install with rpm-4.1 and yum 1, you'd need to use rpm --import if you wanted to check a sig using rpm -K, for example, when you initially install yum on the system (you do check the gpg signature before installing, right? :). Then you'd use gpg --import so that yum could check signatures of packages it was installing. Sort of a mess, really. If you use yum for everything, you'd only need to do one rpm --import and that would be for the key used to sign the yum package. All other keys would be imported using gpg --import. But you'll still get a surprise the first time you go to use rpm -K to check a signature. Perhaps this is something that might be weighed in deciding whether to push out yum 2 and rpm 4.1.1 on RH 8.0? At the least, it'll probably have to be explained in some clearer way for the instructions that end up on the web page. - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== Eighty three million gun owners didn't shoot someone yesterday. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iD8DBQFAHUV6uv+09NZUB1oRAuMPAJ4oCpXyqTjloZPPqNux+VhJoHEYMgCg5Buc TSy7XWQdlKt6lkZoEKajw9k= =pTax -----END PGP SIGNATURE-----