On Tue, 2007-07-03 at 07:39 -0400, James Bowes wrote: > On Tue, Jul 03, 2007 at 12:54:12AM -0400, seth vidal wrote: > > 1. gpg keyring outside of the rpmdb for verifying the repomd.xml > > - we could do either: > > 1. make gpg keyring on the fly from the pubkey entries in the > > rpmdb and > > save it > > 2. when we import the gpg keys to begin with we also import them > > into this > > gpg keyring > > While 1 sounds so terribly icky, I can imagine a case where somebody > might import a gpg key by hand, bypassing yum's chance to import the key > into its own keyring. So perhaps 1 is the better option.
And it lets us handle people who are upgrading to a version of yum that supports this. I've written a simple little 'import all keys from the rpmdb into one gpg keyring per key' script. It's very simple but should be very do-able to import for yum's use. http://linux.duke.edu/~skvidal/useful-scripts/import-to-keyrings.py James and I were talking on jabber about where things should go. He suggested putting things in a single keyring for all of yum in /var/cache/yum somewhere. This sounds reasonable to me. Any other thoughts on it? -sv _______________________________________________ Yum-devel mailing list [email protected] https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
