Jeffrey Walton wrote: > This always baffles me... Fedora includes irrelevant keys. For > example, old keys and keys for different arches. Something feels wrong > about trusting them. You don't have to trust them if you don't want. :) Other than for upgrades, they're not automatically used, so trust isn't really an issue. Having them there won't cause you to use them for installing packages. For that, they'd need to be installed in the rpm database -- which they likely are if you continuously upgrade. It's not a bad idea to prune them occasionally. There's a script to do that in the remove-retired-packages package. It isn't too aggressive though. In f37, it removes f30-f33 keys. The script is /sbin/fedora-remove-old-gpg-keys. -- Todd
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
