But okay, there's no point in doing detailed review while there are higher
level questions open. I was expecting to see a similar 1:1 rebuild system with
optional conversion as the rpmdb has, but this merges multiple sources into
one. In all rpm versions, it's only been possible to have one keystore
configured at a time, and if we're pulling in anything else then we're making a
decision to trust those keys on behalf of the user (because currently imported
== trusted). That seems very wrong.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3474#issuecomment-2511122055
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3474/c2511122...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
https://lists.rpm.org/mailman/listinfo/rpm-maint
