yum GPG verify and package sigs...
Matthew Miller
mattdm at mattdm.org
Sat Jul 23 13:49:29 UTC 2005
On Sat, Jul 23, 2005 at 01:20:24AM -1000, Warren Togami wrote:
> I *like* that yum enforces this strictly, but are there any good reasons
> why we should allow packages in a repo to be signed by two or more valid
> keys rather than a single key?
[...]
> Did we screw up by not resigning everything in base before pushing FC4,
> or is this really a yum config problem?
> Any ideas how we should fix this now? Should we resign the entire repo
> and push that to mirrors?
[...]
> Or maybe less radically update yum so the repo file allows both keys?
> (Use this as a one-time kludge for FC4, and in the future make sure each
> repo uses *one* key.)
The very latest version of yum, 2.3.4, can handle multiple GPG keys. FC4 has
2.3.2; perhaps updating it is the easiest solution.
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 78 degrees Fahrenheit.
More information about the Fedora-maintainers
mailing list