Along with that unconventional issue, the user is probably left with an
unknown: _How to determine how or by who the Red Hat GPG/DSA key was imported?_
Could it be me that imported a such package?
```
$ rpm -qa --scripts gpg-pubkey* --qf '%{version}-%{release} %{packager}\n'
5323552a-6112bcdc Fedora (37) <fedora-37-prim...@fedoraproject.org>
ba3c3a2c-5eb88cc6 https://packagecloud.io/shiftkey/desktop
(https://packagecloud.io/docs#gpg_signing) <supp...@packagecloud.io>
```
I understand that so-called _fake_ package is created in order to satisfy a
non-critical dependency. Then it would be expected to have as output here a
package it is required by. However it is not so. That's confusing.
```
$ rpm -q --whatrequires gpg-pubkey-5323552a-6112bcdc
no package requires gpg-pubkey-5323552a-6112bcdc
```
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2410#issuecomment-1458295913
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2410/1458295...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
