Yum public keys -

Todd Zullinger tmz at pobox.com
Fri Nov 17 14:43:19 UTC 2006

Hash: SHA1

Bob Goodwin wrote:
> I worked around the problem by installing 
> libid3tag-0.15.1b-3.fc6.rf.i386.rpm and lame from 
> "http://ftp.riken.go.jp/pub/Linux/dries/fedora/fc6/i386/RPMS.dries/" 
> with the repective rpm's.
> Yum is easy if it works but installing from rpm's is less complicated 
> when there's a problem such as this.

I'd argue that yum does work well in almost all cases, but it does
require that the repositories that it's pulling from are setup
properly.  Much of this needs to be done by the repo maintainers,
though there is some work that needs to be done by users.  It's
important not to enable repos that aren't designed to play nice
together.  I stick with Core, Extras, and Livna because they are
designed to work together.  Adding Dries, FreshRPMS, or other rpmforge
repos sometimes conflict with things in core, extras, or livna.

The workaround above may have saved you some head scratching, but it
circumvented an important security check.  Yum was complaining because
it could not verify the integrity of the package via its GPG
signature.  Installing manually you skipped that check. How would you
know if that package was trojaned?

Installing packages manually that have problems in yum could also make
it difficult for yum to do its job in the future by introducing
packages that have dependencies outside of the repos that yum knows

The better solution (to me) would be to find out why installing
audacity from extras was trying to pull in a libid3tag package other
than the one available in extras[1].  There is a repo in your
configuration that is not installed correctly/completely.  A properly
configured repo would make its key available so that when you try to
install a package from that repo and need the key installed, it can
prompt you and install that key.

[1] http://download.fedora.redhat.com/pub/fedora/linux/extras/6/i386/libid3tag-0.15.1b-3.fc6.i386.rpm

- -- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
When buying and selling are controlled by legislation, the first
things to be bought and sold are legislators.
    -- P.J. O'Rourke, Parliament of Whores

Version: GnuPG v1.4.5 (GNU/Linux)


More information about the fedora-list mailing list