https://bugzilla.redhat.com/show_bug.cgi?id=1834731 --- Comment #91 from Simone Caronni <negativo17@xxxxxxxxx> --- Basically verification requires at least one signature to be valid. I will pipe the output of a script like the one above and just grep for at least one occurrence of "^gpgv: Good signature from". This way, also in the future, after lots of revocations, as long as one of the signatures is valid the release can be verified, and the one "grepped" can also be different every time. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=1834731 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
