On Thursday 07 June 2007 14:08:06 Jon Ciesla wrote: > Trying to upgrade, yum complains: > Package scons-0.97-2.fc7.noarch.rpm is not signed > > This is from my local mirror, but the one from two other official mirrors > and d.f.r.c match it. > > rpm --checksig on all of these yields: > > scons-0.97-2.fc7.noarch.rpm: sha1 md5 OK > > Huh? > > Jon > > -- > novus ordo absurdum A few unsigned packages leaked out in the tree due to some tools errors and oversight. I have a new tree with signed packages and new repodata for the signed packages that I'll be uploading at some point today (once my day of meetings is over). There is some impact on users. Yum caches metadata (and packages) for a period of time (30 minutes). So changing the package checksum without changing the NVR can have some impact: With a warm cache, and no package in cache, it'll say your package doesn't match checksum. With a warm cache and a already cached (unsigned) package, it'll say the package is unsigned. Once cache expires, it Just Works(tm). This only effects the unsigned packages in the tree, all other operations on signed packages will be fine. -- Jesse Keating Release Engineer: Fedora
Attachment:
pgpE1evoaNRh3.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list