On Tue, 31 Oct 2017, David Cantrell wrote:
> > # rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n"|wc -l
> > 64
>
> Do we issue revocations for old keys? If not, let's do that and extend
> dnf to honor those and clean up?
What is the 'use case' for potentially preventing installation
against a already know key of a existing, but older 'noarch'
package; or one unpacking an older SRPM and NOT getting the
scary NOKEY warning? The size of the keys is trivial, even
though they do tend to accrete in a 'long running' instance
heck, I'll wager mostly those keys are never countersigned
into a web of trust, and sent to the constellation of GnuPG
key-servers in the first place
Going even further, and revoking the keys is 'fly-specking'
overkill
I have no problem with removing keys not _used_ on a given
host (such information being able to be compiled out of the
RPM database)
-- Russ herrold
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
