Jeff, > There is also no reason why you have to use rpm's crypto. See > /usr/lib/rpm/tpgp for a script that verifies the signature in > a package using gpg, rather than rpm+beecrypt, if that > fits your "trust" definition better. > Thanks for the additional info. What you suggest here may indeed be the easiest path to take currently. I don't have the time right now to get up to speed enough of openpgp packets to really figure out what is or isn't going on, and using gpg to do the checks would certainly solve the problem. --erik _______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/rpm-list
