On 7/23/05, Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx> wrote: > On Sat, 2005-07-23 at 18:41 -0400, Jeff Spaleta wrote: > > On 7/23/05, Warren Togami <wtogami@xxxxxxxxxx> wrote: > > > In case you missed the discussion, this does not solve the problem. > > > I've run into this on #fedora and I have yet to see importing of all > > the provided keys fail to resolve the problem. > > No, it only applies a bandage over it. The actual problem is that the > packages are signed by 2 different keys. The solution is to re-sign > them. There are solutions.. and there are workarounds. I was originally commenting on Miller's comment about an 'easy suggestion' to tell users who encounter this problem. You are right the only real 'solution' is to rebuild the packages AND rebuild the isos. But I know thats realistically not going to happen. So we can either beat our heads against the brick wall and shake or fists every-so viciously in the air... or we can note in several places that the easiest way to 'workaround' the problem is to manually import all the keys installed on the system by the fedora-release package and just move on. I'd like to point out that while yum supporting multiple keys is probably a useful option for frankenstien local repos that people patch together(like on my home lan) it wouldn't have prevented this problem. The packages in the fc4 release were suppose to all be the same key.. the yum config in the shipped fedora-release would have just had one key defined... and I suspect that come fc5 fedora-release will continue to only have one key defined in the provided yum config because the expectation about how the packages are supposed to be signed hasn't changed. The only long-term solution is to build in some scripted checks to make sure that all the packages in the iso are signed with the same key at iso generation time. That way every iso as part of the fc5 testing and release process can be checked for signing consistency before the iso is public. -jef
