New package distribution-gpg-keys

Dennis Gilmore dennis at ausil.us
Sat Oct 17 00:37:15 UTC 2015 

fedora-repos should have all the keys needed for upgrade. So the only thing needing the keys is mock. However I'm not sure you should include rpmfusion keys in Fedora.

Dennis

On October 16, 2015 2:26:16 AM CDT, "Miroslav Suchý" <msuchy at redhat.com> wrote:
>Dne 15.10.2015 v 23:23 Alexander Ploumistos napsal(a):
>> Hello,
>> 
>> Please forgive my ignorance, but how is this supposed to be used? I
>> guess it's handy to keep track of all the current keys, but unlike,
>> say rpmfusion-free-release, the keys are not placed or linked in
>> /etc/pki/, nor are they imported in a gpg keyring. What am I missing?
>> 
>> Also, shouldn't there be "SourceX" entries for each key in the spec
>file?
>> 
>
>
>Right now at least two projects (mock and fedora-upgrade) contains and
>use those keys.
>So once this get into Fedora (and Epel) I can remove those keys from
>fedora-upgrade and mock and use this common package.
>
>Mock need CentOS and Epel keys when installing epel chroot and vice
>versa when installing fedora chroots on RHEL/CentOS.
>It can not use epel-release because it is not available on Fedora.
>
>The other keys (rpmfusion and in future Copr) are there just because we
>can. It is meant as safe way of delivery.
>Instead of manual downloading from web and verification that the
>download is correct (do you really do that?) you
>download distribution-gpg-keys package. Dnf will automatically check
>that gpg key of this package so you can be sure
>that those keys are downloaded correctly and has not been altered by
>man in the middle.
>
>I do not want to place them to /etc/pki and automatically import them.
>I will leave it up to user if he really want to
>import them (or some of them) or other tools. E.g. fedora-upgrade
>automatically import some of them.
>
>I announced it here, because in past I seen several people asking about
>such collection of GPG keys. They usually ended
>with mock collection. So I thought that this may be useful for somebody
>too.
>
>-- 
>Miroslav Suchy, RHCA
>Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
>-- 
>devel mailing list
>devel at lists.fedoraproject.org
>https://admin.fedoraproject.org/mailman/listinfo/devel
>Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20151016/5b8291b6/attachment.html>

More information about the devel mailing list