From the PR:

> Technically we will always have a rpmdb - so there can be gpg-pubkey packages in
> there no matter what you configured in the macros file

Nothing can put gpg-pubkeys into the rpmdb if it's not configured. We shouldn't
look there if not told to do so.

> Also an update of rpm that is changing the keystore might pull in new keys
> right away - ending up with keys in two different keystores.

Any change in the default will only take place in the next transaction. So you
only have the previous, and the new.
This is something that only happens in a distro upgrade really.

> I do agree we want to be a bit more conservative with just adding random keys
> from somewhere. But should at least look for other stores and report them.
> Maybe require --force or something to actually use them.

I just fail to see a scenario where we would legitimately end up with keys in
multiple places.

I'm starting to think there should simply be an explicit `--from <type>` argument for
converting from one keystore to another, and no conversions ever happen without
it. For databases we probe, but that isn't without its problems, you can
actually lose there.

It's really up to the distros to arrange for the keystore conversion if they
choose to change it. The default will only change in a distro upgrade, and
that's where you'd put such a conversion too. That's exactly how we migrated
away from BDB, and this is quite similar.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3347#issuecomment-2511568057