Yes, this is actively used by the Yocto Project. It allows us to have a single
location in the system that contains all of the software keys, and can be
updated dynamically by authorized systems/components. Having to load keys
(manually) into the rpm database makes it very difficult to support devices
that can't be serviced and have no console. Instead we can remove old keys and
install new keys [passing appropriate selinux/ima/etc security methods] by
updating files.

It also allows developers to open up devices for user control by installing 
secondary keys for user-packages to 'unlock' an otherwise locked device.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/857#issuecomment-535605541