kparal added a new comment to an issue you are following:
``
Question: Does rpm/dnf handle the case where the key file is named
the same, but changes content? ie, say we land this soon and when we branch f32 off we
switch rawhide to a new key with the same filename. Does dnf reimport it? say it's
already imported and fail?
I tested it and it works fine. If a package is signed with a key that's not imported,
it checks the file specified in `gpgkey=`. If the key is already imported (based on the
file **content**, not a filename), it fails the transaction. If the key is not already
imported, it asks you for confirmation to import it. This works even when the gpg file
content changed a second ago (it reads it every time some key is missing).
But I'm not sure how you handle the transition period itself. Will you sign
fedora-gpg-keys with the old key (so that it can be installed on existing systems) and the
rest of packages with the new key? That would break fresh installations. What other choice
there is?
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/7445