Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

> An additional thing, once a key is revoked by a distro (for whatever reason), > they usually sign new rpms with the new key. However it does not mean that > the older rpms signed by the old key are no longer secure to use. Unless > of-course the old key has been compromised by the attacker

Re: [Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

An additional thing, once a key is revoked by a distro (for whatever reason), they usually sign new rpms with the new key. However it does not mean that the older rpms signed by the old key are no longer secure to use. Unless of-course the old key has been compromised by the attacker and they