Re: yum GPG verify and package sigs...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 23 Jul 2005, Warren Togami wrote:

> I just noticed that using yum's default FC4 configuration, it is seemingly
> impossible to install packages like docbook-utils which is signed by a
> different GPG key than the default specified to that repository in
> /etc/yum.repos.d/fedora.repo.  I suppose this is partially my fault because
> I'm the last person to touch that repo file, but it is strange to me that I
> never noticed this problem until now.
> 
> I *like* that yum enforces this strictly, but are there any good reasons why
> we should allow packages in a repo to be signed by two or more valid keys
> rather than a single key?
> 
> Did we screw up by not resigning everything in base before pushing FC4, or is
> this really a yum config problem?
> 
> Any ideas how we should fix this now?  Should we resign the entire repo and
> push that to mirrors?

Either: 

* Don't do that again (not resign everything) next time
* list multiple keys now that yum supports

See also a whole slew of bugs in Bugzilla (160898, 161786, 162302, 162301, 
160436, etc) caused by this

later,
chris


[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux