RE: signing packages


 



> rpm uses beecrypt, not gpg, and supports only a subset of RFC-2440
> (aka OpenPGP).
> 
> Specific limitations of note include:
> 	a) V3 signatures.
> 	b) few, possibly none, additional signings.
> 	c) DSA/SHA1 and RSA/MD5 only.
> 	d) no concept of "trust" bit.
> 
> There may well be other limits, like 2048-bit RSA keys.
> 

Is there a way to find out more concretely what these limitations are?
I've written a script to automate installing gpg keys into rpm via a
keyserver, and have run into the multiple signatures problem in several
instances.

My script uses GPG to strip off all non-self signatures, which seems to
work in some cases, but in others it doesn't. If I could figure out
exactly what needs to be stripped, it would help a whole lot.

If anyone is interested, the current script is available at
http://www.ilsw.com/~erik/fedora-installkey

Thanks

--erik



_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/rpm-list
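
Added example, not part of the original message and not the poster's script or rpm's code: it walks the packets of a binary key export (for instance the output of `gpg --export`) and reports each signature packet's version and algorithms, following the RFC 2440 packet layout. The `ALLOWED` set is an assumption that reads the quoted list as "V3 signatures with DSA/SHA1 or RSA/MD5 only"; `old_packet` and `SAMPLE` are constructed for illustration.

```python
PUBKEY = {1: "RSA", 17: "DSA"}   # algorithm ids from RFC 2440 section 9
HASH = {1: "MD5", 2: "SHA1"}     # other ids are reported by number
# Assumption: the quoted list read as "V3 signatures with these pairings only".
ALLOWED = {(3, "DSA", "SHA1"), (3, "RSA", "MD5")}

def packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old format: 1, 2, 4 or no length octets
            tag, n = (hdr >> 2) & 0x0F, (1, 2, 4, 0)[hdr & 3]
            # n == 0 means indeterminate length: the body runs to the end of the data
            length = int.from_bytes(data[i + 1:i + 1 + n], "big") if n else len(data) - i - 1
            i += 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def signature_report(data):
    """One dict per signature packet (tag 2): version, algorithms, verdict."""
    report = []
    for body in (b for tag, b in packets(data) if tag == 2):
        if len(body) < 17:
            raise ValueError("signature packet too short")
        # v3 keeps the algorithm octets at offsets 15 and 16, v4 at 2 and 3
        pk, h = {3: body[15:17], 4: body[2:4]}.get(body[0], (None, None))
        sig = (body[0], PUBKEY.get(pk, pk), HASH.get(h, h))
        report.append({"version": sig[0], "pubkey": sig[1], "hash": sig[2],
                       "in_subset": sig in ALLOWED})
    return report

def old_packet(tag, body):                   # builds the constructed sample below
    return bytes([0x80 | tag << 2, len(body)]) + body
# Constructed sample: user ID, v3 DSA/SHA1 signature, v4 RSA signature with hash id 8.
SAMPLE = (old_packet(13, b"Test <t@example.invalid>")
          + old_packet(2, bytes([3, 5, 0x13]) + bytes(12) + bytes([17, 2]) + bytes(4))
          + old_packet(2, bytes([4, 0x10, 1, 8]) + bytes(16)))
```

Running `signature_report` on a key before and after stripping shows which signature packets remain and which fall outside the assumed subset.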
