When rpm started doing its own PGP verification in >= 4.0, it introduced
gpg-pubkey pseudo-packages in the rpmdb as the rpm keyring. These
pseudo-packages have been problematic throughout their existence and don't
really belong to the rpmdb, at least painted as something resembling packages
that they are not, and causing all manner of weird issues that shouldn't exist
in the first place.
Now that rpmkeys supports --delete and --list in addition to --import, we
actually have a user-level abstraction that allows us to get rid of those
gpg-pubkey thingies, and while this isn't related to the package format, 6.0
seems like an appropriate place to do this.
Details to be sorted out, but for one we already can populate the keyring from
the filesystem.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3313
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/3...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
