rpm --nosignature reversed meaning

Jeffrey Johnson n3npq at me.com
Tue Aug 30 12:30:24 CEST 2016

> But I believe the PLD-Th-GPG issue was discussed in spring 2015 on pld-devel.

This was the issue I was remembering:


That specific issue was resolved by disabling
signature verification during —verify, largely
to avoid reimporting PLD-Th-GPG which was

RPM traditionally never verified signatures with -Va.

I can refresh my memory of what the causes were: PLD-Th-GPG
is in one of my development trees. I don’t recall any significant
issues I had to repair (but damfino what I was doing 2+ years ago)

Meanwhile, many RSA issues were repaired between
rpm-5.4.14 and rpm-5.4.15.

So issues with RSA are “expected”.

73 de Jeff

More information about the pld-devel-en mailing list