Regarding QA

[Todd]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Schwendt wrote:
> Since GPG keys are imported into the RPM database ("rpm --import
> keyfile"), make sure you only import keys of people you want to
> import.

One minor point here, just so no new users get terribly confused when
things don't work right.  In the case of RH 7.x, you want to import
the keys to the gpg keyring, using gpg --import.  RPM < 4.1 didn't
store gpg keys in it's own database.

Also, as long as RH 8.0 is using yum1 (and god I wish we'd just reach
a consensus and get cracking on QA for one or the other set of
packages, yum2 + rpm 4.1.1 + apt or yum1 + apt built against
librpm404), then you'll have to maintain some keys in two places.

Yum will be using the gpg keyring since it's using the older rpm
library, so it's checks will need keys imported using gpg --import as
root.  Checks run using rpm -Kv will need to have the keys imported
via rpm into its database.

Damn confusing, I know.  Call that one of the pros of upgrading to
yum2 and rpm 4.1.1.  I'm not sure which set of pros and cons outweighs
the other.  Anyone keeping track?

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
That which seems the height of absurdity in one generation often
becomes the height of wisdom in the next.
    -- John Stuart Mill (1806-1873)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQFAI8E2uv+09NZUB1oRAnuIAKDGtXQCPQVya146FLmrtGaWeLwQJwCg2FW9
2A+plBW7AglmlskZd5qRD+8=
=+Meh
-----END PGP SIGNATURE-----