Re: Brave blocking upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2020-04-22 11:49, ToddAndMargo via test wrote:
> On 2020-04-21 19:32, Ed Greshko wrote:
>>
>>
>> On Wed, Apr 22, 2020, 09:41 ToddAndMargo via test <test@xxxxxxxxxxxxxxxxxxxxxxx <mailto:test@xxxxxxxxxxxxxxxxxxxxxxx>> wrote:
>>
>>     On 2020-04-21 18:36, Ed Greshko wrote:
>>      > On 2020-04-22 08:21, ToddAndMargo via test wrote:
>>      >> Now the 64,000 dollar question is, is this a bug
>>      >> or normal operation?
>>      >
>>      > It is an issue for the Brave distribution to address.  Not
>>     related to Fedora.
>>      >
>>
>>     So, rpm was not suppose to overwrite the key?
>>     Sound a lot like an rpm bug to me.
>>
>>
>> You will recall that the public key in installed as a separate act.
>
> Not to beat a dead horse, but was that act performed by
> "rpm" (a Fedora package) suppose to have overwritten
> the previous key or just existed without an error
> message?

No.  Software packaged in the RPM format isn't by definition "Fedora".  RedHat did write the RPMstandard but it is used buy lots of folks to package their Software. 
This includes Suse, RPMFusion,and Brave.  It is up to the person creating the specific
package to determine the actions taken duringinstall, upgrade, erasure.

The public keys are used to check the signatures of the rpm packagers.  They are normally controlled by a separate function.

In the case of Fedora itself you have fedora-gpg-keys-31-3.noarch.

Name         : fedora-gpg-keys
Version      : 31
Release      : 3
Architecture : noarch
Size         : 101 k
Source       : fedora-repos-31-3.src.rpm
Repository   : @System
>From repo    : updates
Summary      : Fedora RPM keys
URL          : https://fedoraproject.org/
License      : MIT
Description  : This package provides the RPM signature keys.

In the case of RPMFusion, there are multiple.  One is rpmfusion-free-release.

Name         : rpmfusion-free-release
Version      : 31
Release      : 1
Architecture : noarch
Size         : 8.7 k
Source       : rpmfusion-free-release-31-1.src.rpm
Repository   : @System
>From repo    : rpmfusion-free
Summary      : RPM Fusion (free) Repository Configuration
URL          : http://rpmfusion.org
License      : BSD
Description  : RPM Fusion free package repository files for yum and dnf
             : along with gpg public keys

It doesn't appear that Brave does the same.

It also isn't necessary, and seldom are old key removed as they are unique.  I should have told you thatit was not necessary to erase the old Brave key as the old and the new had totally different names.

So, running

sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc

Would have added gpg-pubkey-c2d4e821-5e7252b8 in addition to the older one  c2d4e821-5d13a788

>
>>
>> Both the act of installing the key as well as the brave-browser are not supplied or supported by the Fedora Community.
>
> This is why my question is about the behavior of rpm not Brave

The behavior of "rpm" is defined by the person/project.  The Brave project, IMO, is deficient in this area.


-- 
The key to getting good answers is to ask good questions.
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux