On Sat, 23 Jul 2005, Warren Togami wrote: > I just noticed that using yum's default FC4 configuration, it is seemingly > impossible to install packages like docbook-utils which is signed by a > different GPG key than the default specified to that repository in > /etc/yum.repos.d/fedora.repo. I suppose this is partially my fault because > I'm the last person to touch that repo file, but it is strange to me that I > never noticed this problem until now. > > I *like* that yum enforces this strictly, but are there any good reasons why > we should allow packages in a repo to be signed by two or more valid keys > rather than a single key? > > Did we screw up by not resigning everything in base before pushing FC4, or is > this really a yum config problem? > > Any ideas how we should fix this now? Should we resign the entire repo and > push that to mirrors? Either: * Don't do that again (not resign everything) next time * list multiple keys now that yum supports See also a whole slew of bugs in Bugzilla (160898, 161786, 162302, 162301, 160436, etc) caused by this later, chris
