> I don't think it makes sense to have a revoked key in the database at all,
> you might as well just delete the key from the database. So we could state
> that it's up to the layer above rpm that manages the keys to handle this
> (libzypp does handle key updates, I don't know about dnf).
Perhaps a better option would be to replace the revoked key with an invalid
stub entry, so future attempts to re-add the key fail. This also lets us
provide better error messages to the user.
> But I do think rpm should check the expiry date of a key. We could make it
> configurable how rpm deals with an expired key.
Agreed.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1598#issuecomment-872999190
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint