Since we got the answer for this issue - th-admin, please publish separate GPG files.
As for the reversed meaning of --nosignature, assistance required. Or RFC on enabling them unconditionally, following upstream rpm5. On Tue, Aug 30, 2016 at 06:56:11 -0400, Jeffrey Johnson wrote: >>> http://pld-devel-en.pld-linux.narkive.com/ZssnN7t4/rpm-va-bad-key-id >> [...] >> The same problem, but completely wrong diagnosis. >> >> ~: rpm --import PLD-3.0-Th-GPG-keyRSA.asc >> ~: rpm --import PLD-3.0-Th-GPG-keyDSA.asc >> ~: rpm -q gpg-pubkey >> gpg-pubkey-e4f1bc2d-47b351f0 >> gpg-pubkey-eae6f8b8-47b35206 >> >> That should be done when importing PLD-3.0-Th-GPG-key.asc - two distinct >> keys, DSA and RSA. As you see I split them manually and now it verifies >> correctly, so rpm simply can't handle properly multi-key import. >> > > Yep: RPM has never handled subkeys nor concatenated armored pubkeys. > > So > Don???t do that! > (i.e. use separate imports for each pubkey instead) should suffice. -- Tomasz Pala <go...@pld-linux.org> _______________________________________________ pld-devel-en mailing list pld-devel-en@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-devel-en