On 10/31/2017 10:15 AM, Roberto Ragusa wrote:
On 10/31/2017 09:52 AM, Miroslav Suchý wrote:
> I just stumbled upon
> https://unix.stackexchange.com/questions/400634/does-anyone-bother-to-rem...
> with the nice link to:
> https://blog.laimbock.com/2014/05/02/how-to-remove-an-imported-gpg-key-fr...
> And I wonder: is it a good idea to keep old gpg keys in RPM db? Or should we automate the removal of old keys?
They indeed pile up after many upgrade cycles:
# rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n"|wc -l
64
Do we issue revocations for old keys? If not, let's do that and extend
dnf to honor those and clean up?
--
David Cantrell <dcantrell(a)redhat.com>
Red Hat, Inc. | Boston, MA | EST5EDT
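Added example, not part of the original thread or of dnf/rpm: a shell filter that reads the output of the `rpm -qa gpg-pubkey` query shown above and lists keys created before a cutoff, as candidates for review. It relies on rpm's naming convention for `gpg-pubkey` packages (version is the short key ID, release is the key creation time in hex); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# old_pubkeys CUTOFF_EPOCH
# Reads "VERSION-RELEASE SUMMARY" lines on stdin (the query format used in
# the thread) and prints "gpg-pubkey-VERSION-RELEASE SUMMARY" for every key
# whose creation time (RELEASE, hex epoch seconds) is older than the cutoff.
# It only reports; removing a key is left to the administrator.
old_pubkeys() {
    cutoff=$1
    while read -r verrel summary; do
        case $verrel in
            *-*) ;;                          # expected VERSION-RELEASE form
            *) continue ;;                   # skip anything else
        esac
        ver=${verrel%%-*}
        rel=${verrel#*-}
        case $rel in
            ''|*[!0-9a-fA-F]*) continue ;;   # release must be plain hex
        esac
        created=$((0x$rel))
        if [ "$created" -lt "$cutoff" ]; then
            printf 'gpg-pubkey-%s-%s %s\n' "$ver" "$rel" "$summary"
        fi
    done
}

# Constructed sample input (not real keys): created 2011, 2016 and 2017.
sample_keys() {
    cat <<'EOF'
00000a01-4e000000 gpg(Example Distro (15) <release-15@example.invalid>)
00000b02-58000000 gpg(Example Distro (26) <release-26@example.invalid>)
00000c03-59800000 gpg(Example Distro (27) <release-27@example.invalid>)
EOF
}

# Keys created before 2015-01-01 UTC (epoch 1420070400) in the sample.
sample_keys | old_pubkeys 1420070400

# On a real system, feed it the query from the thread instead:
#   rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n" \
#       | old_pubkeys 1420070400
```

Creation time is not the same as expiry or revocation, so the output is a review list rather than a removal list.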