yum GPG verify and package sigs...
Matthew Miller
mattdm at mattdm.org
Sat Jul 23 16:22:07 UTC 2005
On Sat, Jul 23, 2005 at 11:25:15AM -0400, seth vidal wrote:
> > Any ideas how we should fix this now? Should we resign the entire repo
> > and push that to mirrors?
> won't work - most mirrors don't re-sync core after the initial release.
Yeah; it'd have to be done by releasing updates for each of the packges.
(please don't do that).
> > Or maybe less radically update yum so the repo file allows both keys?
> > (Use this as a one-time kludge for FC4, and in the future make sure each
> > repo uses *one* key.)
> also won't work b/c a lot of people have modified their repo file.
Yeah, but at least they'd get the .rpmnew file, and we'd have an easy
suggestion for anyone who runs into the problem.
> I'd recommend just not makin this mistake again.
Always the best advice. :)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
Current office temperature: 77 degrees Fahrenheit.
More information about the Fedora-maintainers
mailing list