On Mon, Nov 02, 2020 at 07:33:18PM -0500, Neal Gompa wrote:
> The major remaining issue for us to start enabling repository GPG
> checks is that DNF doesn't use the RPM GPG keyring for repository
> metadata GPG signature validation, which can cause issues with our
> compose pipeline. I believe this is something we'll fix with DNF
> version 5, as the whole GPG check code is being massively reworked for
> that.

Ok, makes sense for the default setup. But I think those are in fact two
related but separate things:
 - signing repository metadata (infrastructure part)
 - checking that signature in DNF by default (Fedora configuration)

Is it possible to enable the first one, but leave the second to the
user, until DNF is adjusted for better UX around the keys? That would
allow power users to enable metadata verification manually (and accept
that key import prompt).

Is there any dnf command similar to `rpm --import`, to preemptively
import the key, or is the only option to accept the prompt? I can't find
anything about it in dnf's man page...

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx