rpm --nosignature reversed meaning
Jeffrey Johnson
n3npq at me.com
Tue Aug 30 12:30:24 CEST 2016
>
> But I believe the PLD-Th-GPG issue was discussed in spring 2015 on pld-devel.
>
This was the issue I was remembering:
http://pld-devel-en.pld-linux.narkive.com/ZssnN7t4/rpm-va-bad-key-id
That specific issue was resolved by disabling
signature verification during —verify, largely
to avoid reimporting PLD-Th-GPG which was
“unacceptable”.
(aside)
RPM traditionally never verified signatures with -Va.
I can refresh my memory of what the causes were: PLD-Th-GPG
is in one of my development trees. I don’t recall any significant
issues I had to repair (but damfino what I was doing 2+ years ago)
Meanwhile, many RSA issues were repaired between
rpm-5.4.14 and rpm-5.4.15.
So issues with RSA are “expected”.
73 de Jeff
More information about the pld-devel-en
mailing list