> Good issue, but the solution you seek is not here in yum. > There is an infinite supply of indifference to sage advice, > and ignorance to boot. true enough. But it makes my docs for my internal users easier: yum importkey http://install.linux.duke.edu/pub/ourkey yum update foo > > now all I need to find out is if I can specify only certain pubkeys to > > be used during checking. > > > > That'd be terribly handy. > > I don't see the handiness of key scope restriction -- Why do > you think so? It sounds like another 'complexification' with > no clear mandate. > > The discussion on key revocation is warming up over on the > fedora-devel list as well, where I have been pushing yum. > There is the 'paranoid' group, of which I am a member, and the > 'we'll solve that later' group. > I can think of a situation where I'd want to only check with a single key for certain packages but it's a moot point anyway. I can't do it with what rpm 4.2 offers - I could check the finger print after the key is checked, though. Which is close. so instead of just saying "is this rpm signed with a key that's in my db?" I could say "is this rpm signed with a key matching THIS fingerprint that's in my db?" Which has certain advantages. <shrug> Another potentially useful thing. But it might not be worth the work to get it done right. I'll be putting a daily out in a little bit with rpms. It'll be for rpm 4.2 - all the features that were available yum 0.9.4 are ported to the rpm 4.2 and much work has gone into cleaning up interfaces - still more to go but it's a substantial improvement. The next thing I'm doing is checking in the comps work I've done so far and integrate it. -sv
