Up2date from local yum repository, no GPG
mlists at starmania.net
Sun Nov 16 17:12:01 UTC 2003
> > I still want to use GPG to check the regular fedora-core packages and
> > updates, but the local repository has RPM's that may or may not be GPG
> > signed, so I don't want to check GPG on those packages.
> Any reason for you to not just rpm --resign the packages with
> your own GPG key, and add your keys to the up2date/rpm
> recognized keys?
That is definitely an option, but it just adds another maintenance aspect
(ie. having to remember to sign, and to double check that if anybody else
has put files in that directory that they have told me so that I can sign
them)... since we don't care about the signature it seems like an extra
unnessesary hassle. I was hoping that since the yum authors gave the
option, that maybe the up2date authors would also have a way to individually
ignore GPG (hint hint nudge nudge to up2date authors :-).
>>>>> Mike <<<<<
More information about the fedora-list